CVE-2010-0225 - SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the clear

CVE-2010-0225

Summary

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

References

Vulnerable Configurations

cpe:2.3:o:sandisk:cruzer_enterprise_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sandisk:cruzer_enterprise_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sandisk:cruzer_enterprise:-:*:*:*:*:*:*:*
cpe:2.3:h:sandisk:cruzer_enterprise:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 10-02-2022 - 17:04)
Impact:
Exploitability:

CWE

CWE-312

CAPEC

Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	37677
misc	http://blogs.zdnet.com/hardware/?p=6655 http://it.slashdot.org/story/10/01/05/1734242/ http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9 https://www.ironkey.com/usb-flash-drive-flaw-exposed
vupen	ADV-2010-0078

Last major update

10-02-2022 - 17:04

Published

07-01-2010 - 19:30

Last modified

10-02-2022 - 17:04