Sign-up

ID

VAR-201011-0075


CVE

CVE-2010-4303


TITLE

Cisco UVC System Multiple Products /etc/shadow File Trust Management Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2010-2956 // CNNVD: CNNVD-201011-239

DESCRIPTION

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043. Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and telecom carriers that need a reliable, easy-to-manage, cost-effective network infrastructure for video conferencing applications. Unified Videoconferencing System 5110 is prone to a local security vulnerability

Trust: 2.52

sources: NVD: CVE-2010-4303 // JVNDB: JVNDB-2010-003420 // CNVD: CNVD-2010-2956 // BID: 78759 // VULHUB: VHN-46908

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-2956

AFFECTED PRODUCTS

vendor:ciscomodel:unified videoconferencing system 5115scope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 5110scope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 5115scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 5110scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 5110scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified videoconferencing system 5115scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5110

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5115

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51157.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51150

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51107.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51100

Trust: 0.3

sources: CNVD: CNVD-2010-2956 // BID: 78759 // JVNDB: JVNDB-2010-003420 // CNNVD: CNNVD-201011-239 // NVD: CVE-2010-4303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4303
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-4303
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-239
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46908
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4303
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46908
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46908 // JVNDB: JVNDB-2010-003420 // CNNVD: CNNVD-201011-239 // NVD: CVE-2010-4303

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-46908 // JVNDB: JVNDB-2010-003420 // NVD: CVE-2010-4303

THREAT TYPE

local

Trust: 0.9

sources: BID: 78759 // CNNVD: CNNVD-201011-239

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201011-239

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-003420

PATCH
title:cisco-sa-20101206-cuvcurl:http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-003420

EXTERNAL IDS
db:NVDid:CVE-2010-4303
Trust: 3.4
db:JVNDBid:JVNDB-2010-003420
Trust: 0.8
db:CNNVDid:CNNVD-201011-239
Trust: 0.7
db:CNVDid:CNVD-2010-2956
Trust: 0.6
db:FULLDISCid:20101117 CISCO UNIFIED VIDEOCONFERENCING MULTIPLE VULNERABILITIES - CVE-2010-3037 CVE-2010-3038
Trust: 0.6
db:CISCOid:20101117 MULTIPLE VULNERABILITIES IN CISCO UNIFIED VIDEOCONFERENCING PRODUCTS
Trust: 0.6
db:BIDid:78759
Trust: 0.4
db:VULHUBid:VHN-46908
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-2956 // 
            
            
            
            VULHUB: VHN-46908 // 
            
            
            
            BID: 78759 // 
            
            
            
            JVNDB: JVNDB-2010-003420 // 
            
            
            
            CNNVD: CNNVD-201011-239 // 
            
            
            
            NVD: CVE-2010-4303

REFERENCES
url:http://www.trustmatta.com/advisories/matta-2010-001.txt
Trust: 2.6
url:http://www.cisco.com/en/us/products/products_security_response09186a0080b56d0d.html
Trust: 2.0
url:http://seclists.org/fulldisclosure/2010/nov/167
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4303
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4303
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2010-2956 // 
            
            
            
            VULHUB: VHN-46908 // 
            
            
            
            BID: 78759 // 
            
            
            
            JVNDB: JVNDB-2010-003420 // 
            
            
            
            CNNVD: CNNVD-201011-239 // 
            
            
            
            NVD: CVE-2010-4303

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78759

SOURCES
db:CNVDid:CNVD-2010-2956
db:VULHUBid:VHN-46908
db:BIDid:78759
db:JVNDBid:JVNDB-2010-003420
db:CNNVDid:CNNVD-201011-239
db:NVDid:CVE-2010-4303

LAST UPDATE DATE
2025-04-11T22:54:09.110000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-2956date:2010-11-25T00:00:00
db:VULHUBid:VHN-46908date:2010-11-30T00:00:00
db:BIDid:78759date:2010-11-22T00:00:00
db:JVNDBid:JVNDB-2010-003420date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-239date:2010-11-25T00:00:00
db:NVDid:CVE-2010-4303date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-2956date:2010-11-25T00:00:00
db:VULHUBid:VHN-46908date:2010-11-22T00:00:00
db:BIDid:78759date:2010-11-22T00:00:00
db:JVNDBid:JVNDB-2010-003420date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-239date:2010-11-24T00:00:00
db:NVDid:CVE-2010-4303date:2010-11-22T20:00:04.260