Lucene search

[email protected]NVD:CVE-2010-2306

HistoryJun 16, 2010 - 8:30 p.m.

CVE-2010-2306

2010-06-1620:30:02

CWE-16

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

69.7%

JSON

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.

Affected configurations

Nvd

Node

sourcefire3d1000

sourcefire3d2000

sourcefire3d9900

Node

sourcefiredc1000

VendorProductVersionCPE
sourcefire3d1000*cpe:2.3:h:sourcefire:3d1000:*:*:*:*:*:*:*:*
sourcefire3d2000*cpe:2.3:h:sourcefire:3d2000:*:*:*:*:*:*:*:*
sourcefire3d9900*cpe:2.3:h:sourcefire:3d9900:*:*:*:*:*:*:*:*
sourcefiredc1000*cpe:2.3:h:sourcefire:dc1000:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sourcefire	3d1000	*	cpe:2.3:h:sourcefire:3d1000::::::::
sourcefire	3d2000	*	cpe:2.3:h:sourcefire:3d2000::::::::
sourcefire	3d9900	*	cpe:2.3:h:sourcefire:3d9900::::::::
sourcefire	dc1000	*	cpe:2.3:h:sourcefire:dc1000::::::::

References

osvdb.org/65470

secunia.com/advisories/40143

www.securityfocus.com/archive/1/511792/100/0/threaded

www.securitytracker.com/id?1024092

www.vupen.com/english/advisories/2010/1438

www.zerodayinitiative.com/advisories/ZDI-10-107/

exchange.xforce.ibmcloud.com/vulnerabilities/59380

support.sourcefire.com/notices/notice/1437

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

69.7%

JSON

Related for NVD:CVE-2010-2306

cvelist1 prion1 cve1