// For flags

CVE-2004-1038

 

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-11-16 CVE Reserved
  • 2004-11-16 CVE Published
  • 2023-10-24 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (21)
URL Tag Source
http://it.slashdot.org/article.pl?sid=08/03/04/1258210 X_refsource_misc
http://marc.info/?l=bugtraq&m=109881362530790&w=2 Mailing List
http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf X_refsource_misc
http://pacsec.jp/advisories.html X_refsource_misc
http://storm.net.nz/projects/16 X_refsource_misc
http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf X_refsource_misc
http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf X_refsource_misc
http://www.securityfocus.com/archive/1/489163/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489175/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489189/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489212/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489257/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489269/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489295/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489296/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489322/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489330/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489335/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489342/100/0/threaded Mailing List
http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/18041 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ieee
Search vendor "Ieee"
 Firewire Ieee
Search vendor "Ieee" for product "Firewire Ieee"
 1394
Search vendor "Ieee" for product "Firewire Ieee" and version "1394"
-
Affected