Details of VAR-201011-0076

ID

VAR-201011-0076

CVE

CVE-2010-4304

TITLE

plural Cisco UVC System Product Web Session hijacking vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2010-003421

DESCRIPTION

The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048. The problem is Bug ID CSCti54048 It is a problem.A brute force attack by a third party (Brute force attack) The session may be hijacked through. Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and telecom carriers that need a reliable, easy-to-manage, cost-effective network infrastructure for video conferencing applications. Unified Videoconferencing System 3545 Firmware is prone to a remote security vulnerability

Trust: 2.52

sources: NVD: CVE-2010-4304 // JVNDB: JVNDB-2010-003421 // CNVD: CNVD-2010-2955 // BID: 78770 // VULHUB: VHN-46909

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-2955

AFFECTED PRODUCTS

vendor:	cisco	model:	unified videoconferencing system 3515 multipoint control unit	scope:	eq	version:	7.0.1.13.3	Trust: 2.2
vendor:	cisco	model:	unified videoconferencing system 3522 basic rate interface gateway	scope:	eq	version:	7.0.1.13.3	Trust: 2.2
vendor:	cisco	model:	unified videoconferencing system 3527 primary rate interface gateway	scope:	eq	version:	7.0.1.13.3	Trust: 2.2
vendor:	cisco	model:	unified videoconferencing system 5230	scope:	eq	version:	7.0.1.13.3	Trust: 2.2
vendor:	cisco	model:	unified videoconferencing system 3545	scope:	eq	version:	7.0.1.13.3	Trust: 2.2
vendor:	cisco	model:	unified videoconferencing system 5115	scope:	eq	version:	7.0.1.13.3	Trust: 2.2
vendor:	cisco	model:	unified videoconferencing system 5110	scope:	eq	version:	7.0.1.13.3	Trust: 2.2
vendor:	cisco	model:	unified videoconferencing system 3515 multipoint control unit	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified videoconferencing system 3522 basic rate interface gateway	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified videoconferencing system 3527 primary rate interface gateway	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified videoconferencing system 5230	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing system 5110	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing system 3522 basic rate interface gateway	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing system 3527 primary rate interface gateway	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing system 5115	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing system 3545	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing system 3515 multipoint control unit	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing system 3545	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified videoconferencing system 5110	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified videoconferencing system 5115	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified videoconferencing system 5230	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	5230	Trust: 0.6
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	3545	Trust: 0.6
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	5110	Trust: 0.6
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	5115	Trust: 0.6
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	52307.0.1.13.3	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	52300	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	51157.0.1.13.3	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	51150	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	51107.0.1.13.3	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	51100	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	35457.0.1.13.3	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	35450	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system primary rate interface gateway	scope:	eq	version:	35277.0.1.13.3	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system primary rate interface gateway	scope:	eq	version:	35270	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system basic rate interface gateway	scope:	eq	version:	35227.0.1.13.3	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system basic rate interface gateway	scope:	eq	version:	35220	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system multipoint control unit	scope:	eq	version:	35157.0.1.13.3	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system multipoint control unit	scope:	eq	version:	35150	Trust: 0.3

sources: CNVD: CNVD-2010-2955 // BID: 78770 // JVNDB: JVNDB-2010-003421 // CNNVD: CNNVD-201011-240 // NVD: CVE-2010-4304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4304
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-4304
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201011-240
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-46909
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-4304
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-46909
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-46909 // JVNDB: JVNDB-2010-003421 // CNNVD: CNNVD-201011-240 // NVD: CVE-2010-4304

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-46909 // JVNDB: JVNDB-2010-003421 // NVD: CVE-2010-4304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-240

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201011-240

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003421

PATCH

title:	cisco-sa-20101206-cuvc	url:	http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html	Trust: 0.8
title:	Cisco UVC System Multiple Product Web Interface Authorization Issue Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/1881	Trust: 0.6

sources: CNVD: CNVD-2010-2955 // JVNDB: JVNDB-2010-003421

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4304	Trust: 3.4
db:	JVNDB	id:	JVNDB-2010-003421	Trust: 0.8
db:	CNNVD	id:	CNNVD-201011-240	Trust: 0.7
db:	CNVD	id:	CNVD-2010-2955	Trust: 0.6
db:	FULLDISC	id:	20101117 CISCO UNIFIED VIDEOCONFERENCING MULTIPLE VULNERABILITIES - CVE-2010-3037 CVE-2010-3038	Trust: 0.6
db:	CISCO	id:	20101117 MULTIPLE VULNERABILITIES IN CISCO UNIFIED VIDEOCONFERENCING PRODUCTS	Trust: 0.6
db:	BID	id:	78770	Trust: 0.4
db:	VULHUB	id:	VHN-46909	Trust: 0.1

sources: CNVD: CNVD-2010-2955 // VULHUB: VHN-46909 // BID: 78770 // JVNDB: JVNDB-2010-003421 // CNNVD: CNNVD-201011-240 // NVD: CVE-2010-4304

REFERENCES

url:	http://www.trustmatta.com/advisories/matta-2010-001.txt	Trust: 2.6
url:	http://www.cisco.com/en/us/products/products_security_response09186a0080b56d0d.html	Trust: 2.0
url:	http://seclists.org/fulldisclosure/2010/nov/167	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4304	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4304	Trust: 0.8

sources: CNVD: CNVD-2010-2955 // VULHUB: VHN-46909 // BID: 78770 // JVNDB: JVNDB-2010-003421 // CNNVD: CNNVD-201011-240 // NVD: CVE-2010-4304

CREDITS

Unknown

Trust: 0.3

sources: BID: 78770

SOURCES

db:	CNVD	id:	CNVD-2010-2955
db:	VULHUB	id:	VHN-46909
db:	BID	id:	78770
db:	JVNDB	id:	JVNDB-2010-003421
db:	CNNVD	id:	CNNVD-201011-240
db:	NVD	id:	CVE-2010-4304

LAST UPDATE DATE

2025-04-11T22:54:09.308000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-2955	date:	2010-11-25T00:00:00
db:	VULHUB	id:	VHN-46909	date:	2010-11-30T00:00:00
db:	BID	id:	78770	date:	2010-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2010-003421	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201011-240	date:	2010-11-25T00:00:00
db:	NVD	id:	CVE-2010-4304	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-2955	date:	2010-11-25T00:00:00
db:	VULHUB	id:	VHN-46909	date:	2010-11-22T00:00:00
db:	BID	id:	78770	date:	2010-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2010-003421	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201011-240	date:	2010-11-24T00:00:00
db:	NVD	id:	CVE-2010-4304	date:	2010-11-22T20:00:04.307