Lucene search

[email protected]CVE-2010-2466

HistoryJun 25, 2010 - 9:30 p.m.

CVE-2010-2466

2010-06-2521:30:01

CWE-264

[email protected]

web.nvd.nist.gov

s2 security netbox

linear emerge

sonitrol eaccess

cve-2010-2466

security vulnerability

database backups

remote attackers

sensitive information

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.8%

JSON

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames.

Affected configurations

NVD

Node

s2sysnetboxMatch2.5

s2sysnetboxMatch3.3

Node

linearcorpemerge_50

linearcorpemerge_5000

Node

sonitroleaccess

CPENameOperatorVersion
s2sys:netboxs2sys netboxeq2.5
s2sys:netboxs2sys netboxeq3.3

CPE	Name	Operator	Version
s2sys:netbox	s2sys netbox	eq	2.5
s2sys:netbox	s2sys netbox	eq	3.3

References

blip.tv/file/3414004

www.darkreading.com/blog/archives/2010/04/attacking_door.html

www.kb.cert.org/vuls/id/228737

www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2

www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon

exchange.xforce.ibmcloud.com/vulnerabilities/59826

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2010-2466

cvelist1 nvd1 prion1 cert1