Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Unified Videoconferencing multiple security vulnerabilities
Published:18.11.2010
Source:
SecurityVulns ID:11260
Type:remote
Threat Level:
8/10
Description:Hardcoded user accounts, command execution, unauthorized access, password storing in reversible encryption, weak permissions, session hijacking, information leaks.
Affected:CISCO : Cisco Unified Videoconferencing 5110
 CISCO : Cisco Unified Videoconferencing 5115
 CISCO : Cisco Unified Videoconferencing 5230
 CISCO : Cisco Unified Videoconferencing 3545
 CISCO : Cisco Unified Videoconferencing 3527
 CISCO : Cisco Unified Videoconferencing 3522
 CISCO : Cisco Unified Videoconferencing 3515
CVE:CVE-2010-3038 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.)
 CVE-2010-3037 (goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.)
Original documentdocumentFlorent Daigniere, Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038 (18.11.2010)
 documentCISCO, Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products (18.11.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod