Vulnerability CVE-2010-1906


Published: 2010-05-12   Modified: 2012-02-13

Description:
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.

See advisories in our WLB2 database:
Risk: High
Topic: Consona Products - Multiple vulnerabilities
Author: wintercore
Date: 23.05.2010

Type: CWE-310 (Cryptographic Issues)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Consona -> Consona dynamic agent
Consona -> Consona repair manager
Consona -> Consona subscriber activation
Consona -> Consona subscriber agent

References:
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
http://www.kb.cert.org/vuls/id/602801
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.wintercore.com/downloads/rootedcon_0day.pdf

Copyright 2024, cxsecurity.com