VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-2465
netbox, emerge_50, emerge_5000, eaccess: The S2 Security NetBox 2.5, 3.3, and 4.0, as used i...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2465

Original

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-25
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-28




Affected Product Tags
cpe:/h:linearcorp:emerge_50
cpe:/h:linearcorp:emerge_5000
cpe:/h:s2sys:netbox:2.5
cpe:/h:s2sys:netbox:3.3
cpe:/h:s2sys:netbox:4.0
cpe:/h:sonitrol:eaccess
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
VU#251133




BID 41134




CONFIRM http://www.kb.cert.org/vuls/id/MAPG-83TQL8




MISC http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon




MISC http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2




MISC http://www.darkreading.com/blog/archives/2010/04/attacking_door.html




MISC http://blip.tv/file/3414004




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.