CVE-2013-6884 — HIGH (10.0)

Q: What is CVE-2013-6884?

CVE-2013-6884 is a vulnerability with a CVSS score of 10.0 (HIGH). The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

Q: How severe is CVE-2013-6884?

CVE-2013-6884 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-6884?

Check the references section above for vendor advisories and patch information. Affected products include: Cru-Inc Ditto Forensic Fieldstation Firmware, Cru-Inc Ditto Forensic Fieldstation.

Vulnerability Description

The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cru-Inc	Ditto Forensic Fieldstation Firmware	<= 2013jun30a
Cru-Inc	Ditto Forensic Fieldstation	-

Related Weaknesses (CWE)

CWE-255

References

http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct1Exploit
http://seclists.org/fulldisclosure/2013/Dec/80
http://secunia.com/advisories/55989Vendor Advisory
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-fVendor Advisory
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-fVendor Advisory
http://www.exploit-db.com/exploits/30396Exploit
http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct1Exploit
http://seclists.org/fulldisclosure/2013/Dec/80
http://secunia.com/advisories/55989Vendor Advisory
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-fVendor Advisory
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-fVendor Advisory
http://www.exploit-db.com/exploits/30396Exploit

FAQ

What is CVE-2013-6884?

CVE-2013-6884 is a vulnerability with a CVSS score of 10.0 (HIGH). The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

How severe is CVE-2013-6884?

CVE-2013-6884 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-6884?

Check the references section above for vendor advisories and patch information. Affected products include: Cru-Inc Ditto Forensic Fieldstation Firmware, Cru-Inc Ditto Forensic Fieldstation.