CVE-2010-0225 - Vulnerability Details - OpenCVE

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

Vendors	Products
Sandisk	Cruzer Enterprise Cruzer Enterprise Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sandisk:cruzer_enterprise_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sandisk:cruzer_enterprise:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2010-0256	SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://blogs.zdnet.com/hardware/?p=6655
http://it.slashdot.org/story/10/01/05/1734242/
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
http://www.securityfocus.com/bid/37677
http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf
http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
http://www.vupen.com/english/advisories/2010/0078
https://www.ironkey.com/usb-flash-drive-flaw-exposed

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-01-07T19:00:00

Updated: 2024-08-07T00:45:11.236Z

Reserved: 2010-01-07T00:00:00

Link: CVE-2010-0225

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-01-07T19:30:00.607

Modified: 2025-04-09T00:30:58.490

Link: CVE-2010-0225

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-03-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9"}, {"tags": ["x_refsource_MISC"], "url": "http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009"}, {"tags": ["x_refsource_MISC"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"tags": ["x_refsource_MISC"], "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf"}, {"name": "ADV-2010-0078", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0078"}, {"name": "37677", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37677"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9", "refsource": "MISC", "url": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9"}, {"name": "http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009", "refsource": "MISC", "url": "http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009"}, {"name": "http://it.slashdot.org/story/10/01/05/1734242/", "refsource": "MISC", "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"name": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", "refsource": "MISC", "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"name": "http://blogs.zdnet.com/hardware/?p=6655", "refsource": "MISC", "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"name": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf", "refsource": "MISC", "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf"}, {"name": "ADV-2010-0078", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0078"}, {"name": "37677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37677"}, {"name": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", "refsource": "MISC", "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:11.236Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf"}, {"name": "ADV-2010-0078", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0078"}, {"name": "37677", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37677"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0225", "datePublished": "2010-01-07T19:00:00", "dateReserved": "2010-01-07T00:00:00", "dateUpdated": "2024-08-07T00:45:11.236Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sandisk:cruzer_enterprise_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA15FFAF-2079-474F-BCC6-2753C235A95C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sandisk:cruzer_enterprise:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B40829F-FB39-46EE-9F6B-1B8EC120634E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."}, {"lang": "es", "value": "Los dispositivos flash USB SanDisk Cruzer Enterprise utilizan una soluci\u00f3n de clave de 256-bit para obtener acceso al contenido del dispositivo en texto plano, lo que hace m\u00e1s f\u00e1cil a atacantes f\u00edsicamente pr\u00f3ximos leer o modificar informaci\u00f3n determinando y proporcionando esta clave."}], "id": "CVE-2010-0225", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-01-07T19:30:00.607", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37677"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf"}, {"source": "cve@mitre.org", "url": "http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0078"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0078"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}