Vulnerability CVE-2010-3038
Published: 2010-11-22   Modified: 2012-02-13

Description:
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.

See advisories in our WLB2 database:
Topic
Author
Date
High
Cisco Unified Videoconferencing multiple vulnerabilities
Florent Daignier...
24.11.2010

Type:

CWE-255

 (Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Unified videoconferencing system 5110 firmware 
Cisco -> Unified videoconferencing system 5115 firmware 
Cisco -> Unified videoconferencing system 5110 
Cisco -> Unified videoconferencing system 5115 

 References:
http://www.trustmatta.com/advisories/MATTA-2010-001.txt
http://www.securitytracker.com/id?1024753
http://www.securityfocus.com/bid/44924
http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
http://seclists.org/fulldisclosure/2010/Nov/167
Copyright 2024, cxsecurity.com

 

Back to Top