CVE-2010-0228

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://blogs.zdnet.com/hardware/?p=6655
http://it.slashdot.org/story/10/01/05/1734242/
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
http://www.verbatim.com/security/security-update.cfm	Vendor Advisory
https://www.ironkey.com/usb-flash-drive-flaw-exposed

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:verbatim:corporate_secure::::::::
	cpe:2.3:h:verbatim:corporate_secure:::fips:::::*

History

No history.

Information

Published : 2010-01-07 19:30

Updated : 2024-02-28 11:41

NVD link : CVE-2010-0228

Mitre link : CVE-2010-0228

CVE.ORG link : CVE-2010-0228

JSON object : View

Products Affected

verbatim

corporate_secure

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2010-0228", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2010-01-07T19:30:00.713", "references": [{"url": "http://blogs.zdnet.com/hardware/?p=6655", "source": "cve@mitre.org"}, {"url": "http://it.slashdot.org/story/10/01/05/1734242/", "source": "cve@mitre.org"}, {"url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", "source": "cve@mitre.org"}, {"url": "http://www.verbatim.com/security/security-update.cfm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."}, {"lang": "es", "value": "Los dispositivos flash USB Verbatim Corporate Secure y Corporate Secure FIPS Edition utilizan una soluci\u00f3n de clave de 256-bit para obtener acceso al contenido del dispositivo en texto plano, lo que hace m\u00e1s f\u00e1cil a atacantes f\u00edsicamente pr\u00f3ximos leer o modificar informaci\u00f3n determinando y proporcionando esta clave."}], "lastModified": "2010-01-08T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:verbatim:corporate_secure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BCF538F-945E-484F-847A-77D148E569FD"}, {"criteria": "cpe:2.3:h:verbatim:corporate_secure:*:*:fips:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B85262D-B58D-4935-BAE2-A28A79F2C369"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}