Vulnerabilities > CVE-2010-1913 - Configuration vulnerability in Consona products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

consona

CWE-16

critical

NVD

Published: 2010-05-12

Updated: 2018-10-10

Summary

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.

Vulnerable Configurations

Part	Description	Count
Application	Consona Consona Consona Dynamic Agent - Consona Consona Live Assistance * Consona Consona Subscriber Assistance *	5

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References