Sign-up

ID

VAR-201011-0074


CVE

CVE-2010-4302


TITLE

Cisco UVC System 5110 and 5115 of /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2010-003419

DESCRIPTION

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010. The problem is Bug ID CSCti54010 It is a problem.By recovering the plaintext value, a local user may be able to obtain important information. Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and telecom carriers that need a reliable, easy-to-manage, cost-effective network infrastructure for video conferencing applications

Trust: 2.25

sources: NVD: CVE-2010-4302 // JVNDB: JVNDB-2010-003419 // CNVD: CNVD-2010-2957 // VULHUB: VHN-46907

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-2957

AFFECTED PRODUCTS

vendor:ciscomodel:unified videoconferencing system 5115scope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 5110scope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 5115scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 5110scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 5110scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified videoconferencing system 5115scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5110

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5115

Trust: 0.6

sources: CNVD: CNVD-2010-2957 // JVNDB: JVNDB-2010-003419 // CNNVD: CNNVD-201011-238 // NVD: CVE-2010-4302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4302
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-4302
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-238
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46907
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4302
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46907
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46907 // JVNDB: JVNDB-2010-003419 // CNNVD: CNNVD-201011-238 // NVD: CVE-2010-4302

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-46907 // JVNDB: JVNDB-2010-003419 // NVD: CVE-2010-4302

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201011-238

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201011-238

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-003419

PATCH
title:cisco-sa-20101206-cuvcurl:http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-003419

EXTERNAL IDS
db:NVDid:CVE-2010-4302
Trust: 3.1
db:JVNDBid:JVNDB-2010-003419
Trust: 0.8
db:CNNVDid:CNNVD-201011-238
Trust: 0.7
db:CNVDid:CNVD-2010-2957
Trust: 0.6
db:FULLDISCid:20101117 CISCO UNIFIED VIDEOCONFERENCING MULTIPLE VULNERABILITIES - CVE-2010-3037 CVE-2010-3038
Trust: 0.6
db:CISCOid:20101117 MULTIPLE VULNERABILITIES IN CISCO UNIFIED VIDEOCONFERENCING PRODUCTS
Trust: 0.6
db:VULHUBid:VHN-46907
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-2957 // 
            
            
            
            VULHUB: VHN-46907 // 
            
            
            
            JVNDB: JVNDB-2010-003419 // 
            
            
            
            CNNVD: CNNVD-201011-238 // 
            
            
            
            NVD: CVE-2010-4302

REFERENCES
url:http://www.trustmatta.com/advisories/matta-2010-001.txt
Trust: 2.3
url:http://www.cisco.com/en/us/products/products_security_response09186a0080b56d0d.html
Trust: 1.7
url:http://seclists.org/fulldisclosure/2010/nov/167
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4302
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4302
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2010-2957 // 
            
            
            
            VULHUB: VHN-46907 // 
            
            
            
            JVNDB: JVNDB-2010-003419 // 
            
            
            
            CNNVD: CNNVD-201011-238 // 
            
            
            
            NVD: CVE-2010-4302

SOURCES
db:CNVDid:CNVD-2010-2957
db:VULHUBid:VHN-46907
db:JVNDBid:JVNDB-2010-003419
db:CNNVDid:CNNVD-201011-238
db:NVDid:CVE-2010-4302

LAST UPDATE DATE
2025-04-11T22:54:09.229000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-2957date:2010-11-25T00:00:00
db:VULHUBid:VHN-46907date:2010-11-30T00:00:00
db:JVNDBid:JVNDB-2010-003419date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-238date:2010-11-25T00:00:00
db:NVDid:CVE-2010-4302date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-2957date:2010-11-25T00:00:00
db:VULHUBid:VHN-46907date:2010-11-22T00:00:00
db:JVNDBid:JVNDB-2010-003419date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-238date:2010-11-24T00:00:00
db:NVDid:CVE-2010-4302date:2010-11-22T20:00:04.057