CVE-2010-2465
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.
S2 Security NetBox, probablemente v2.x v3.x, comoel usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, almacena información sensible bajo la raíz web con insuficiente control de acceso, lo que permite a atacantes remotos descargar logs de nodo, fotografías de personas, y archivos backup a través de peticiones no especificadas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-06-25 CVE Reserved
- 2010-06-25 CVE Published
- 2024-01-04 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/65757 | Vdb Entry | |
| http://secunia.com/advisories/40374 | Third Party Advisory | |
| http://www.darkreading.com/blog/archives/2010/04/attacking_door.html | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/251133 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/MAPG-83TQL8 | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/41134 | Vdb Entry | |
| http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| S2sys Search vendor "S2sys" | Netbox Search vendor "S2sys" for product "Netbox" | 2.5 Search vendor "S2sys" for product "Netbox" and version "2.5" | - |
Affected
| ||||||
| S2sys Search vendor "S2sys" | Netbox Search vendor "S2sys" for product "Netbox" | 3.3 Search vendor "S2sys" for product "Netbox" and version "3.3" | - |
Affected
| ||||||
| S2sys Search vendor "S2sys" | Netbox Search vendor "S2sys" for product "Netbox" | 4.0 Search vendor "S2sys" for product "Netbox" and version "4.0" | - |
Affected
| ||||||
| Linearcorp Search vendor "Linearcorp" | Emerge 50 Search vendor "Linearcorp" for product "Emerge 50" | * | - |
Affected
| ||||||
| Linearcorp Search vendor "Linearcorp" | Emerge 5000 Search vendor "Linearcorp" for product "Emerge 5000" | * | - |
Affected
| ||||||
| Sonitrol Search vendor "Sonitrol" | Eaccess Search vendor "Sonitrol" for product "Eaccess" | * | - |
Affected
| ||||||