Lucene search

[email protected]CVE-2010-2468

HistoryJun 25, 2010 - 9:30 p.m.

CVE-2010-2468

2010-06-2521:30:01

CWE-310

[email protected]

web.nvd.nist.gov

s2 security

netbox

linear emerge

sonitrol eaccess

weak hash algorithm

administrator password

vulnerability

cve-2010-2468

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.3%

JSON

The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password.

Affected configurations

NVD

Node

s2sysnetboxMatch2.5

s2sysnetboxMatch3.3

Node

linearcorpemerge_50

linearcorpemerge_5000

Node

sonitroleaccess

CPENameOperatorVersion
s2sys:netboxs2sys netboxeq2.5
s2sys:netboxs2sys netboxeq3.3

CPE	Name	Operator	Version
s2sys:netbox	s2sys netbox	eq	2.5
s2sys:netbox	s2sys netbox	eq	3.3

References

blip.tv/file/3414004

www.darkreading.com/blog/archives/2010/04/attacking_door.html

www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2

www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon

exchange.xforce.ibmcloud.com/vulnerabilities/59827

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.3%

JSON

Related for CVE-2010-2468

cvelist1 prion1 nvd1