CVE-2010-0225

2010-01-0719:00:00

mitre

www.cve.org

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.7%

JSON

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

References

blogs.zdnet.com/hardware/?p=6655

it.slashdot.org/story/10/01/05/1734242/

www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html

www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009

www.securityfocus.com/bid/37677

www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf

www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9

www.vupen.com/english/advisories/2010/0078

www.ironkey.com/usb-flash-drive-flaw-exposed