Vulnerability Description
SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sandisk | Cruzer Enterprise Usb | All versions |
Related Weaknesses (CWE)
References
- http://blogs.zdnet.com/hardware/?p=6655
- http://it.slashdot.org/story/10/01/05/1734242/
- http://securitytracker.com/id?1023408
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-
- http://www.sandisk.com/business-solutions/enterprise/technical-support/security-Vendor Advisory
- http://www.securityfocus.com/bid/37677
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_k
- http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
- http://www.vupen.com/english/advisories/2010/0078
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55475
- https://www.ironkey.com/usb-flash-drive-flaw-exposed
- http://blogs.zdnet.com/hardware/?p=6655
- http://it.slashdot.org/story/10/01/05/1734242/
- http://securitytracker.com/id?1023408
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-
FAQ
What is CVE-2010-0224?
CVE-2010-0224 is a vulnerability with a CVSS score of 4.6 (MEDIUM). SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cle...
How severe is CVE-2010-0224?
CVE-2010-0224 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0224?
Check the references section above for vendor advisories and patch information. Affected products include: Sandisk Cruzer Enterprise Usb.