A vulnerability, which was classified as critical, has been found in GARMIN Garmin Communicator Plugin 2.6.4.0. This issue affects an unknown part in the library npGarmin.dll of the component ActiveX Control. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability.

The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error."

The weakness was disclosed by Dyon Balding with Secunia Research. The identification of this vulnerability is CVE-2009-0194 since. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 1 day. During that time the estimated underground price was around $0-$5k.

No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at X-Force (50360), SecurityTracker (ID 1022173) and Vulnerability Center (SBV-22035).

Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.

CVSSv3: VulDB Meta Base Score: 9.8
Countermeasures: Recommended: no mitigation known
Sources: Vulnerability Center: 22035 - Garmin Communicator Plug-In 2.6.4.0 Domain-Locking Remote Sensitive Information Disclosure, Medium