ID
VAR-201011-0303
TITLE
Cisco Unified Videoconferencing shadow password readable vulnerability
Trust: 0.6
DESCRIPTION
Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The shadow password must only be readable by the root account. This application allows users who have access to the system shell to read the shadow password file. The wrong configuration allows sensitive users accessing the Linux operating system directory to obtain sensitive information. Cisco Unified Videoconferencing is prone to a security bypass vulnerability. Successful exploits compromise the affected device or cause a denial-of-service condition. This issue affects the Linux-based operating system Cisco UVC product. These issues are being tracked by Cisco bug ID CSCti54045. NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | eq | version: | 3515 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gateway | scope: | eq | version: | 3522 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gateway | scope: | eq | version: | 3527 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 3545 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5110 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5115 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 5230 | Trust: 0.6 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 52300 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51100 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 35450 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | eq | version: | 35270 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | eq | version: | 35220 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | eq | version: | 35150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 52307.1.2.15 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 51157.1.2.15 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 51107.1.2.12 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 35455.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | ne | version: | 35275.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | ne | version: | 35225.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | ne | version: | 35155.7.2 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 44929 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-2853 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/archive/1/514798http | Trust: 0.6 |
| url: | http://www.cisco.com/en/us/products/hw/video/ps1870/index.html | Trust: 0.3 |
| url: | /archive/1/514797 | Trust: 0.3 |
| url: | /archive/1/514798 | Trust: 0.3 |
| url: | http://www.cisco.com/warp/public/707/cisco-sa-20101206-cuvc.shtml | Trust: 0.3 |
| url: | http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml | Trust: 0.3 |
CREDITS
Florent Daignier
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-2853 |
| db: | BID | id: | 44929 |
LAST UPDATE DATE
2022-05-17T01:56:38.699000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-2853 | date: | 2010-11-18T00:00:00 |
| db: | BID | id: | 44929 | date: | 2010-12-06T19:55:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-2853 | date: | 2010-11-18T00:00:00 |
| db: | BID | id: | 44929 | date: | 2010-11-17T00:00:00 |