ID
VAR-201011-0295
TITLE
Cisco Unified Videoconferencing FTP Server Security Vulnerability
Trust: 0.6
DESCRIPTION
Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The default Cisco UVC system enables the FTP server, and an attacker can use the FTP server to obtain the /etc/shadow file. The FTP access to the device can be controlled through the \"Security mode\" field in the WEB GUI of the Cisco UVC product. If the security settings are configured to be high or medium, the device will not receive FTP connections. Cisco Unified Videoconferencing is prone to a security weakness. The weakness can potentially be used to leverage other latent vulnerabilities in the affected device. This issue affects Linux-based operating system Cisco UVC products and VxWorks-based Cisco UVC products. This issue is being tracked by Cisco bug ID CSCti72032. NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | eq | version: | 3515 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gateway | scope: | eq | version: | 3522 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gateway | scope: | eq | version: | 3527 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 3545 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5110 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5115 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5230 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 52300 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51100 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 35450 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | eq | version: | 35270 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | eq | version: | 35220 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | eq | version: | 35150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 52307.1.2.15 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 51157.1.2.15 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 51107.1.2.12 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 35455.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | ne | version: | 35275.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | ne | version: | 35225.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | ne | version: | 35155.7.2 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Design Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 44928 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-2842 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/archive/1/514798http | Trust: 0.6 |
| url: | http://www.cisco.com/en/us/products/hw/video/ps1870/index.html | Trust: 0.3 |
| url: | /archive/1/514797 | Trust: 0.3 |
| url: | /archive/1/514798 | Trust: 0.3 |
| url: | http://www.cisco.com/warp/public/707/cisco-sa-20101206-cuvc.shtml | Trust: 0.3 |
| url: | http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml | Trust: 0.3 |
CREDITS
Florent Daigniere
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-2842 |
| db: | BID | id: | 44928 |
LAST UPDATE DATE
2022-05-17T01:58:00.458000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-2842 | date: | 2010-11-18T00:00:00 |
| db: | BID | id: | 44928 | date: | 2010-12-06T19:55:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-2842 | date: | 2010-11-18T00:00:00 |
| db: | BID | id: | 44928 | date: | 2010-11-17T00:00:00 |