Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2009-0194
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error.".
CVSSv2.0 Score
- Severity
- High
- Base Score
- 9.3/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 10/10
- Confidentiality Impact
- Complete
- Availability Impact
- Complete
- Integrity Impact
- Complete
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:garmin:garmin_communicator_plugin:2.6.4.0:*:*:*:*: |
Yes
|
- | - |
References
- http://secunia.com/advisories/34326
- http://secunia.com/secunia_research/2009-16/
- http://osvdb.org/54258
- http://securitytracker.com/id?1022173
- http://www.securityfocus.com/bid/34858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50360
- http://www.securityfocus.com/archive/1/503319/100/0/threaded