Vulnerability Description
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kingston | Datatraveler Blackbox | All versions |
| Kingston | Datatraveler Elite | All versions |
| Kingston | Datatraveler Secure | All versions |
Related Weaknesses (CWE)
References
- http://blogs.zdnet.com/hardware/?p=6655
- http://it.slashdot.org/story/10/01/05/1734242/
- http://news.zdnet.co.uk/security/0%2C1000000189%2C39963327%2C00.htm
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-
- http://www.kingston.com/driveupdate/Vendor Advisory
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_k
- http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
- http://www.vupen.com/english/advisories/2010/0080
- https://www.ironkey.com/usb-flash-drive-flaw-exposed
- http://blogs.zdnet.com/hardware/?p=6655
- http://it.slashdot.org/story/10/01/05/1734242/
- http://news.zdnet.co.uk/security/0%2C1000000189%2C39963327%2C00.htm
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-
- http://www.kingston.com/driveupdate/Vendor Advisory
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_k
FAQ
What is CVE-2010-0222?
CVE-2010-0222 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cl...
How severe is CVE-2010-0222?
CVE-2010-0222 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0222?
Check the references section above for vendor advisories and patch information. Affected products include: Kingston Datatraveler Blackbox, Kingston Datatraveler Elite, Kingston Datatraveler Secure.