CVE-2010-0225

EPSS 0.03%
Published 07.01.2010 19:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Sandisk ≫ Cruzer Enterprise Firmware Version-

Sandisk ≫ Cruzer Enterprise Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://blogs.zdnet.com/hardware/?p=6655

Broken Link

http://it.slashdot.org/story/10/01/05/1734242/

Third Party Advisory

http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html

Third Party Advisory

http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9

https://www.ironkey.com/usb-flash-drive-flaw-exposed

Broken Link

http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009

Vendor Advisory

http://www.securityfocus.com/bid/37677

Third Party Advisory

VDB Entry

http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf

Broken Link

http://www.vupen.com/english/advisories/2010/0078

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-0225

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0225

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0225

EUVD