ID
VAR-201011-0297
TITLE
Cisco Unified Videoconferencing Weak Password Algorithm Vulnerability
Trust: 0.6
DESCRIPTION
Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. Users with access to the Linux operating system can obtain files for the storage administrator and the Cisco UVC web GUI action account. The passwords in this file use a simple and reversible hash mechanism that allows an attacker to recover the account password. Cisco Unified Videoconferencing is prone to a weak-password obfuscation vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected device. This issue is being tracked by Cisco bug ID CSCti54010. The following products are affected: Cisco Unified Videoconferencing 5110 System Cisco Unified Videoconferencing 5115 System Cisco Unified Videoconferencing 5230 System Cisco Unified Videoconferencing 3545 System Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU) NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | eq | version: | 3515 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gateway | scope: | eq | version: | 3522 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gateway | scope: | eq | version: | 3527 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 3545 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5110 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5115 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5230 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 52300 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51100 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 35450 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | eq | version: | 35270 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | eq | version: | 35220 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | eq | version: | 35150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 52307.1.2.15 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 51157.1.2.15 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 51107.1.2.12 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 35455.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | ne | version: | 35275.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | ne | version: | 35225.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | ne | version: | 35155.7.2 | Trust: 0.3 |
THREAT TYPE
local
Trust: 0.3
TYPE
Design Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 44923 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-2859 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/archive/1/514798http | Trust: 0.6 |
| url: | http://www.cisco.com/en/us/products/hw/video/ps1870/index.html | Trust: 0.3 |
| url: | /archive/1/514797 | Trust: 0.3 |
| url: | /archive/1/514798 | Trust: 0.3 |
| url: | http://www.cisco.com/warp/public/707/cisco-sa-20101206-cuvc.shtml | Trust: 0.3 |
| url: | http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml | Trust: 0.3 |
CREDITS
Florent Daigniere
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-2859 |
| db: | BID | id: | 44923 |
LAST UPDATE DATE
2022-05-17T02:06:05.851000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-2859 | date: | 2010-11-18T00:00:00 |
| db: | BID | id: | 44923 | date: | 2010-12-06T19:55:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-2859 | date: | 2010-11-18T00:00:00 |
| db: | BID | id: | 44923 | date: | 2010-11-17T00:00:00 |