Vulnerability Name:

CVE-2010-1906 (CCN-58369)

Assigned:2010-04-16
Published:2010-04-16
Updated:2018-10-10
Summary:tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-310
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2010-1906

Source: CCN
Type: SA39752
Consona CRM Suite Repair Service Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39752

Source: MISC
Type: UNKNOWN
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html

Source: CCN
Type: Consona CRM Inc.
Security Bulletin For Consona Live Assistance Consona Dynamic Agent Consona Subscriber Assistance

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf

Source: CCN
Type: US-CERT VU#602801
Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilities

Source: CERT-VN
Type: Patch, US Government Resource
VU#602801

Source: CCN
Type: OSVDB ID: 64390
Consona CRM Suite Repair Service tgsrv.exe Predictable Timestamp Field Remote Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities

Source: CCN
Type: BID-40010
Multiple Consona Products Unspecified Local Privilege Escalation Vulnerability

Source: CCN
Type: Congreso de Seguridad ~ Rooted CONÂ’2010
RELEASING A 0DAY AT ROOTEDCON The Case of Consona/SupportSoft

Source: MISC
Type: Exploit
http://www.wintercore.com/downloads/rootedcon_0day.pdf

Source: XF
Type: UNKNOWN
crmsuite-repairservice-privilege-escalation(58369)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*
  • OR cpe:/a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*
  • OR cpe:/a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*
  • OR cpe:/a:consona:consona_repair_manager:*:*:*:*:*:*:*:*
  • OR cpe:/a:consona:consona_subscriber_activation:*:*:*:*:*:*:*:*
  • OR cpe:/a:consona:consona_subscriber_agent:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*
  • OR cpe:/a:consona:consona_subscriber_activation:*:*:*:*:*:*:*:*
  • OR cpe:/a:consona:consona_subscriber_agent:*:*:*:*:*:*:*:*
  • OR cpe:/a:consona:consona_repair_manager:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    consona consona dynamic agent - -
    consona consona dynamic agent - -
    consona consona dynamic agent - -
    consona consona repair manager *
    consona consona subscriber activation *
    consona consona subscriber agent *
    microsoft windows 7 *
    microsoft windows vista *
    microsoft windows 7 *
    consona consona subscriber activation *
    consona consona subscriber agent *
    consona consona repair manager *