CVE-2010-0228

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://blogs.zdnet.com/hardware/?p=6655
https://www.ironkey.com/usb-flash-drive-flaw-exposed
http://it.slashdot.org/story/10/01/05/1734242/
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
http://www.verbatim.com/security/security-update.cfm	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:verbatim:corporate_secure::::::::
	cpe:2.3:h:verbatim:corporate_secure:::fips:::::*

Information

Published : 2010-01-07 11:30

Updated : 2010-01-07 21:00

NVD link : CVE-2010-0228

Mitre link : CVE-2010-0228

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

verbatim

corporate_secure

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://blogs.zdnet.com/hardware/?p=6655", "name": "http://blogs.zdnet.com/hardware/?p=6655", "tags": [], "refsource": "MISC"}, {"url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", "name": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", "tags": [], "refsource": "MISC"}, {"url": "http://it.slashdot.org/story/10/01/05/1734242/", "name": "http://it.slashdot.org/story/10/01/05/1734242/", "tags": [], "refsource": "MISC"}, {"url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", "name": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.verbatim.com/security/security-update.cfm", "name": "http://www.verbatim.com/security/security-update.cfm", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0228", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2010-01-07T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:verbatim:corporate_secure:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:verbatim:corporate_secure:*:*:fips:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-01-08T05:00Z"}

4.6 /10