Sign-up

ID

VAR-201011-0077


CVE

CVE-2010-4305


TITLE

plural Cisco UVC System Vulnerabilities in which important information is obtained in products

Trust: 0.8

sources: JVNDB: JVNDB-2010-003422

DESCRIPTION

Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052. The problem is Bug ID CSCti54052 It is a problem.By a third party (1) Plaintext, (2) 64 Bit-encoded plaintext Cookie By reading, important information may be obtained. Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and telecom carriers that need a reliable, easy-to-manage, cost-effective network infrastructure for video conferencing applications. Unified Videoconferencing System 3545 Firmware is prone to a information disclosure vulnerability

Trust: 2.52

sources: NVD: CVE-2010-4305 // JVNDB: JVNDB-2010-003422 // CNVD: CNVD-2010-2935 // BID: 78747 // VULHUB: VHN-46910

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-2935

AFFECTED PRODUCTS

vendor:ciscomodel:unified videoconferencing system 3515 multipoint control unitscope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 3522 basic rate interface gatewayscope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 3527 primary rate interface gatewayscope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 5230scope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 3545scope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 5115scope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 5110scope:eqversion:7.0.1.13.3

Trust: 2.2

vendor:ciscomodel:unified videoconferencing system 3515 multipoint control unitscope: - version: -

Trust: 1.4

vendor:ciscomodel:unified videoconferencing system 3522 basic rate interface gatewayscope: - version: -

Trust: 1.4

vendor:ciscomodel:unified videoconferencing system 3527 primary rate interface gatewayscope: - version: -

Trust: 1.4

vendor:ciscomodel:unified videoconferencing system 5230scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 5110scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 3522 basic rate interface gatewayscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 3527 primary rate interface gatewayscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 5115scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 3545scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 3515 multipoint control unitscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified videoconferencing system 3545scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified videoconferencing system 5110scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified videoconferencing system 5115scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified videoconferencing system 5230scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5230

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:3545

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5110

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5115

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:52307.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:52300

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51157.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51150

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51107.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51100

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:35457.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:35450

Trust: 0.3

vendor:ciscomodel:unified videoconferencing system primary rate interface gatewayscope:eqversion:35277.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing system primary rate interface gatewayscope:eqversion:35270

Trust: 0.3

vendor:ciscomodel:unified videoconferencing system basic rate interface gatewayscope:eqversion:35227.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing system basic rate interface gatewayscope:eqversion:35220

Trust: 0.3

vendor:ciscomodel:unified videoconferencing system multipoint control unitscope:eqversion:35157.0.1.13.3

Trust: 0.3

vendor:ciscomodel:unified videoconferencing system multipoint control unitscope:eqversion:35150

Trust: 0.3

sources: CNVD: CNVD-2010-2935 // BID: 78747 // JVNDB: JVNDB-2010-003422 // CNNVD: CNNVD-201011-241 // NVD: CVE-2010-4305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4305
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-4305
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-241
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46910
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4305
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46910
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46910 // JVNDB: JVNDB-2010-003422 // CNNVD: CNNVD-201011-241 // NVD: CVE-2010-4305

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-46910 // JVNDB: JVNDB-2010-003422 // NVD: CVE-2010-4305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-241

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201011-241

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-003422

PATCH
title:cisco-sa-20101206-cuvcurl:http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-003422

EXTERNAL IDS
db:NVDid:CVE-2010-4305
Trust: 3.4
db:JVNDBid:JVNDB-2010-003422
Trust: 0.8
db:CNVDid:CNVD-2010-2935
Trust: 0.6
db:FULLDISCid:20101117 CISCO UNIFIED VIDEOCONFERENCING MULTIPLE VULNERABILITIES - CVE-2010-3037 CVE-2010-3038
Trust: 0.6
db:CISCOid:20101117 MULTIPLE VULNERABILITIES IN CISCO UNIFIED VIDEOCONFERENCING PRODUCTS
Trust: 0.6
db:CNNVDid:CNNVD-201011-241
Trust: 0.6
db:BIDid:78747
Trust: 0.4
db:VULHUBid:VHN-46910
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-2935 // 
            
            
            
            VULHUB: VHN-46910 // 
            
            
            
            BID: 78747 // 
            
            
            
            JVNDB: JVNDB-2010-003422 // 
            
            
            
            CNNVD: CNNVD-201011-241 // 
            
            
            
            NVD: CVE-2010-4305

REFERENCES
url:http://www.cisco.com/en/us/products/products_security_response09186a0080b56d0d.html
Trust: 2.0
url:http://seclists.org/fulldisclosure/2010/nov/167
Trust: 2.0
url:http://www.trustmatta.com/advisories/matta-2010-001.txt
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4305
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4305
Trust: 0.8
url:http://www.cisco.com/en/us/products/products_security_response09186a0080b56d0d.htmlhttp
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-2935 // 
            
            
            
            VULHUB: VHN-46910 // 
            
            
            
            BID: 78747 // 
            
            
            
            JVNDB: JVNDB-2010-003422 // 
            
            
            
            CNNVD: CNNVD-201011-241 // 
            
            
            
            NVD: CVE-2010-4305

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78747

SOURCES
db:CNVDid:CNVD-2010-2935
db:VULHUBid:VHN-46910
db:BIDid:78747
db:JVNDBid:JVNDB-2010-003422
db:CNNVDid:CNNVD-201011-241
db:NVDid:CVE-2010-4305

LAST UPDATE DATE
2025-04-11T22:54:09.196000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-2935date:2010-11-25T00:00:00
db:VULHUBid:VHN-46910date:2010-11-30T00:00:00
db:BIDid:78747date:2010-11-22T00:00:00
db:JVNDBid:JVNDB-2010-003422date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-241date:2010-11-25T00:00:00
db:NVDid:CVE-2010-4305date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-2935date:2010-11-25T00:00:00
db:VULHUBid:VHN-46910date:2010-11-22T00:00:00
db:BIDid:78747date:2010-11-22T00:00:00
db:JVNDBid:JVNDB-2010-003422date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-241date:2010-11-24T00:00:00
db:NVDid:CVE-2010-4305date:2010-11-22T20:00:04.340