CVE-2010-2465 : The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sens

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.

Published 2010-06-25 21:30:02

Updated 2010-07-13 05:52:58

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-2465

Probability of exploitation activity in the next 30 days: 0.66%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2465

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2010-2465

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2465

http://blip.tv/file/3414004

Exploit

CVEs referencing this url
http://www.darkreading.com/blog/archives/2010/04/attacking_door.html

Commentary - Latest Content - Dark Reading

CVEs referencing this url
http://www.kb.cert.org/vuls/id/251133

VU#251133 - S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-83TQL8

VU#251133 - S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs
http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon

We Don\'t Need no Stinkin Badges: hacking Electronic Door Access Con…
Exploit

CVEs referencing this url
http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2

www.SecurityInfoWatch.com

CVEs referencing this url
http://www.securityfocus.com/bid/41134

S2 NetBox Multiple Information Disclosure Vulnerabilities

Products affected by CVE-2010-2465

S2sys » Netbox » Version: 4.0
cpe:2.3:h:s2sys:netbox:4.0:*:*:*:*:*:*:*
Matching versions
S2sys » Netbox » Version: 2.5
cpe:2.3:h:s2sys:netbox:2.5:*:*:*:*:*:*:*
Matching versions
S2sys » Netbox » Version: 3.3
cpe:2.3:h:s2sys:netbox:3.3:*:*:*:*:*:*:*
Matching versions
Linearcorp » Emerge 50
cpe:2.3:h:linearcorp:emerge_50:*:*:*:*:*:*:*:*
Matching versions
Linearcorp » Emerge 5000
cpe:2.3:h:linearcorp:emerge_5000:*:*:*:*:*:*:*:*
Matching versions
Sonitrol » Eaccess
cpe:2.3:h:sonitrol:eaccess:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-2465

Exploit prediction scoring system (EPSS) score for CVE-2010-2465

CVSS scores for CVE-2010-2465

CWE ids for CVE-2010-2465

References for CVE-2010-2465

Products affected by CVE-2010-2465