CVE-2010-1906

Published May 12, 2010

Last updated 6 years ago

Overview

Description: tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-310

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E86DC4D-1E5C-4284-AA49-FD5F3AA9056A"
          },
          {
            "criteria": "cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76A93E2B-D458-43A4-A4A5-9FA0981B72EF"
          },
          {
            "criteria": "cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1AAF4CD-3D1A-4C44-8338-4F614E4645CB"
          },
          {
            "criteria": "cpe:2.3:a:consona:consona_repair_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30CE5337-79F6-4C02-A5F4-81A29257D580"
          },
          {
            "criteria": "cpe:2.3:a:consona:consona_subscriber_activation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89519FBD-EF43-45E1-80F1-B9C7372137D3"
          },
          {
            "criteria": "cpe:2.3:a:consona:consona_subscriber_agent:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06F48C4A-0232-4375-888D-CE8EB9E833AF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References