Vulnerability Details : CVE-2010-2465
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.
Exploit prediction scoring system (EPSS) score for CVE-2010-2465
Probability of exploitation activity in the next 30 days: 0.66%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2465
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2010-2465
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2465
-
http://blip.tv/file/3414004
Exploit
-
http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
Commentary - Latest Content - Dark Reading
-
http://www.kb.cert.org/vuls/id/251133
VU#251133 - S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographsUS Government Resource
-
http://www.kb.cert.org/vuls/id/MAPG-83TQL8
VU#251133 - S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs
-
http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
We Don\'t Need no Stinkin Badges: hacking Electronic Door Access Con…Exploit
-
http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
www.SecurityInfoWatch.com
-
http://www.securityfocus.com/bid/41134
S2 NetBox Multiple Information Disclosure Vulnerabilities
Products affected by CVE-2010-2465
- cpe:2.3:h:s2sys:netbox:4.0:*:*:*:*:*:*:*
- cpe:2.3:h:s2sys:netbox:2.5:*:*:*:*:*:*:*
- cpe:2.3:h:s2sys:netbox:3.3:*:*:*:*:*:*:*
- cpe:2.3:h:linearcorp:emerge_50:*:*:*:*:*:*:*:*
- cpe:2.3:h:linearcorp:emerge_5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:sonitrol:eaccess:*:*:*:*:*:*:*:*