CVE-2010-1906 (GCVE-0-2010-1906)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39752 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\.\\pipe\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\.\\pipe\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1906",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2010-1906",
"date": "2026-05-29",
"epss": "0.04527",
"percentile": "0.89334"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"3E86DC4D-1E5C-4284-AA49-FD5F3AA9056A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*\", \"matchCriteriaId\": \"76A93E2B-D458-43A4-A4A5-9FA0981B72EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*\", \"matchCriteriaId\": \"F1AAF4CD-3D1A-4C44-8338-4F614E4645CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_repair_manager:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30CE5337-79F6-4C02-A5F4-81A29257D580\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_subscriber_activation:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89519FBD-EF43-45E1-80F1-B9C7372137D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_subscriber_agent:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06F48C4A-0232-4375-888D-CE8EB9E833AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D56B932B-9593-44E2-B610-E4EB2143EB21\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3852BB02-47A1-40B3-8E32-8D8891A53114\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\\\\\.\\\\pipe\\\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.\"}, {\"lang\": \"es\", \"value\": \"tgsrv.exe en Repair Service en Consona Dynamic Agent, Repair Manager, Subscriber Activation, y Subscriber Agent se basa en un campo de marca de tiempo previsible para validar la entrada a tuberia llamada \\\\\\\\.\\\\pipe\\\\__RepairService_pipe__company, lo cual permite a usuarios remotos autenticados ejecutar cualquier c\\u00f3digo mediante la obtenci\\u00f3n de la hora actual de (1) tcpip.sys o (2) un servicio SMB2.\"}]",
"id": "CVE-2010-1906",
"lastModified": "2024-11-21T01:15:26.160",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2010-05-12T11:46:31.580",
"references": "[{\"url\": \"http://secunia.com/advisories/39752\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/602801\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/511176/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.wintercore.com/downloads/rootedcon_0day.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/39752\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/602801\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/511176/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.wintercore.com/downloads/rootedcon_0day.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-1906\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-05-12T11:46:31.580\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\\\\\.\\\\pipe\\\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.\"},{\"lang\":\"es\",\"value\":\"tgsrv.exe en Repair Service en Consona Dynamic Agent, Repair Manager, Subscriber Activation, y Subscriber Agent se basa en un campo de marca de tiempo previsible para validar la entrada a tuberia llamada \\\\\\\\.\\\\pipe\\\\__RepairService_pipe__company, lo cual permite a usuarios remotos autenticados ejecutar cualquier c\u00f3digo mediante la obtenci\u00f3n de la hora actual de (1) tcpip.sys o (2) un servicio SMB2.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"3E86DC4D-1E5C-4284-AA49-FD5F3AA9056A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*\",\"matchCriteriaId\":\"76A93E2B-D458-43A4-A4A5-9FA0981B72EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*\",\"matchCriteriaId\":\"F1AAF4CD-3D1A-4C44-8338-4F614E4645CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_repair_manager:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30CE5337-79F6-4C02-A5F4-81A29257D580\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_subscriber_activation:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89519FBD-EF43-45E1-80F1-B9C7372137D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_subscriber_agent:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F48C4A-0232-4375-888D-CE8EB9E833AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56B932B-9593-44E2-B610-E4EB2143EB21\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/39752\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/602801\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/511176/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.wintercore.com/downloads/rootedcon_0day.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/39752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/602801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/511176/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.wintercore.com/downloads/rootedcon_0day.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…