CVE-2010-1906

high

Description

tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.

References

http://www.securityfocus.com/archive/1/511176/100/0/threaded

http://www.kb.cert.org/vuls/id/602801

http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf

http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html

http://secunia.com/advisories/39752

Details

Source: Mitre, NVD

Published: 2010-05-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.03147