ID CVE-2010-1906
Summary tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
References
Vulnerable Configurations
  • cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*
    cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*
    cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*
  • cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*
    cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*
  • cpe:2.3:a:consona:consona_repair_manager:*:*:*:*:*:*:*:*
    cpe:2.3:a:consona:consona_repair_manager:*:*:*:*:*:*:*:*
  • cpe:2.3:a:consona:consona_subscriber_activation:*:*:*:*:*:*:*:*
    cpe:2.3:a:consona:consona_subscriber_activation:*:*:*:*:*:*:*:*
  • cpe:2.3:a:consona:consona_subscriber_agent:*:*:*:*:*:*:*:*
    cpe:2.3:a:consona:consona_subscriber_agent:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 10-10-2018 - 19:57)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bugtraq 20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities
cert-vn VU#602801
confirm http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
misc
secunia 39752
Last major update 10-10-2018 - 19:57
Published 12-05-2010 - 11:46
Last modified 10-10-2018 - 19:57
Back to Top