Vulnerability CVE-2019-11885


Published: 2019-05-12

Description:
eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command.

Type:

CWE-255

(Credentials Management)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Eye-disk -> Eyedisk 

 References:
https://www.pentestpartners.com/security-blog/eyedisk-hacking-the-unhackable-again/

Copyright 2024, cxsecurity.com

 

Back to Top