Sign-up

ID

VAR-201011-0300


TITLE

Cisco Unified Videoconferencing Locks OpenSSH Configuration Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-2841

DESCRIPTION

Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The SSH server has a restricted shell, but the SSH server configuration allows X.11 to forward and create SOCK proxies. The misconfiguration of this service only affects Linux-based Cisco UVC products. Cisco Unified Videoconferencing is prone to a security bypass vulnerability. Successful exploits compromise the affected device or cause a denial-of-service condition. These issues are being tracked by Cisco bug ID CSCti54047. NOTE: These issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it

Trust: 0.81

sources: CNVD: CNVD-2010-2841 // BID: 44925

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-2841

AFFECTED PRODUCTS

vendor:ciscomodel:unified videoconferencing multipoint control unitscope:eqversion:3515

Trust: 0.6

vendor:ciscomodel:unified videoconferencing prinary rate interface gatawayscope:eqversion:3527

Trust: 0.6

vendor:ciscomodel:unified videoconferencing basic rate interfaces gatewayscope:eqversion:3522

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:3545

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5110

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5115

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:5230

Trust: 0.6

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:52300

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51150

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:51100

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:eqversion:35450

Trust: 0.3

vendor:ciscomodel:unified videoconferencing primary rate interface gatescope:eqversion:35270

Trust: 0.3

vendor:ciscomodel:unified videoconferencing basic rate interfaces gatewscope:eqversion:35220

Trust: 0.3

vendor:ciscomodel:unified videoconferencing multipoint control unitscope:eqversion:35150

Trust: 0.3

vendor:ciscomodel:unified videoconferencingscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:neversion:52307.1.2.15

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:neversion:51157.1.2.15

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:neversion:51107.1.2.12

Trust: 0.3

vendor:ciscomodel:unified videoconferencing systemscope:neversion:35455.7.2

Trust: 0.3

vendor:ciscomodel:unified videoconferencing primary rate interface gatescope:neversion:35275.7.2

Trust: 0.3

vendor:ciscomodel:unified videoconferencing basic rate interfaces gatewscope:neversion:35225.7.2

Trust: 0.3

vendor:ciscomodel:unified videoconferencing multipoint control unitscope:neversion:35155.7.2

Trust: 0.3

sources: CNVD: CNVD-2010-2841 // BID: 44925

THREAT TYPE

network

Trust: 0.3

sources: BID: 44925

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 44925

EXTERNAL IDS

db:BIDid:44925

Trust: 0.9

db:CNVDid:CNVD-2010-2841

Trust: 0.6

sources: CNVD: CNVD-2010-2841 // BID: 44925

REFERENCES

url:http://www.securityfocus.com/archive/1/514798http

Trust: 0.6

url:http://www.cisco.com/en/us/products/hw/video/ps1870/index.html

Trust: 0.3

url:/archive/1/514797

Trust: 0.3

url:/archive/1/514798

Trust: 0.3

url:http://www.cisco.com/warp/public/707/cisco-sa-20101206-cuvc.shtml

Trust: 0.3

url:http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml

Trust: 0.3

sources: CNVD: CNVD-2010-2841 // BID: 44925

CREDITS

Florent Daigniere

Trust: 0.3

sources: BID: 44925

SOURCES

db:CNVDid:CNVD-2010-2841
db:BIDid:44925

LAST UPDATE DATE

2022-05-17T02:08:19.432000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-2841date:2010-11-18T00:00:00
db:BIDid:44925date:2010-12-06T19:55:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2010-2841date:2010-11-18T00:00:00
db:BIDid:44925date:2010-11-17T00:00:00