CVE-2010-1913 - OpenCVE

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Consona	Consona Dynamic Agent Consona Live Assistance Consona Subscriber Assistance

Configuration 1 [-]

OR	cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:::::*
	cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:::::*
	cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:::::*
	cpe:2.3:a:consona:consona_live_assistance::::::::
	cpe:2.3:a:consona:consona_subscriber_assistance::::::::

No data.

References

Link	Providers
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.kb.cert.org/vuls/id/602801
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.wintercore.com/downloads/rootedcon_0day.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-05-11T23:00:00

Updated: 2024-08-07T02:17:12.391Z

Reserved: 2010-05-11T00:00:00

Link: CVE-2010-1913

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-05-12T11:46:31.830

Modified: 2018-10-10T19:58:00.313

Link: CVE-2010-1913

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-06T00:00:00", "descriptions": [{"lang": "en", "value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#602801", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/602801"}, {"tags": ["x_refsource_MISC"], "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"}, {"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1913", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#602801", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/602801"}, {"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html", "refsource": "MISC", "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"}, {"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf", "refsource": "MISC", "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"}, {"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:17:12.391Z"}, "title": "CVE Program Container", "references": [{"name": "VU#602801", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/602801"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"}, {"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1913", "datePublished": "2010-05-11T23:00:00", "dateReserved": "2010-05-11T00:00:00", "dateUpdated": "2024-08-07T02:17:12.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*", "matchCriteriaId": "3E86DC4D-1E5C-4284-AA49-FD5F3AA9056A", "vulnerable": true}, {"criteria": "cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*", "matchCriteriaId": "76A93E2B-D458-43A4-A4A5-9FA0981B72EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*", "matchCriteriaId": "F1AAF4CD-3D1A-4C44-8338-4F614E4645CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDD3CC62-BB8B-435F-A9F3-CD6DE608F463", "vulnerable": true}, {"criteria": "cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F445B64-34D5-4372-9861-2216442E4069", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de pluginlicense.ini para la interfaz SdcWebSecureBase en tgctlcm.dll en Consona Live Assistance, Dynamic Agent, y Subscriber Assistance, cuando se descargan de un servidor operado por Telef\u00f3nica o posiblemente otras empresas, contiene una lista blanca de DNS incorrectos que incluye los nombres de host DNS de los ordenadores personales de muchas personas, lo cual permite a atacantes remotos eludir restricciones de ejecuci\u00f3n de ActiveX alojando un control ActiveX en un servidor Web dom\u00e9stico de origen aplicable."}], "id": "CVE-2010-1913", "lastModified": "2018-10-10T19:58:00.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-05-12T11:46:31.830", "references": [{"source": "cve@mitre.org", "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/602801"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}