ID
VAR-201011-0450
TITLE
RETIRED: Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness
Trust: 0.3
DESCRIPTION
Cisco Unified Videoconferencing is prone to multiple remote vulnerabilities and a weakness. An attacker can exploit these issue to gain unauthorized access to the affected device, gain access to sensitive information, compromise the affected device, and hijack a user's session. Other attacks are also possible. The following products are affected: Cisco Unified Videoconferencing 5110 System Cisco Unified Videoconferencing 5115 System Cisco Unified Videoconferencing 5230 System Cisco Unified Videoconferencing 3545 System Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU) This BID is being retired. The following individual records exist to better document the issues: 44922 Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities 44923 Cisco Unified Videoconferencing Password Obfuscation Vulnerability 44924 Cisco Unified Videoconferencing Hardcoded User Credentials Authentication Bypass Vulnerability 44925 Cisco Unified Videoconferencing Security Bypass Vulnerability 44926 Cisco Unified Videoconferencing Web Interface Weak Session Cookie Session Hijacking Vulnerability 44927 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability 44928 Cisco Unified Videoconferencing FTP Server Security Weakness 44929 Cisco Unified Videoconferencing Security Bypass Vulnerability 44936 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 52300 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51100 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 35450 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | eq | version: | 35270 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | eq | version: | 35220 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | eq | version: | 35150 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Unknown
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 44908 | Trust: 0.3 |
REFERENCES
| url: | http://www.cisco.com/en/us/products/hw/video/ps1870/index.html | Trust: 0.3 |
| url: | /archive/1/514797 | Trust: 0.3 |
| url: | /archive/1/514798 | Trust: 0.3 |
| url: | http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml | Trust: 0.3 |
CREDITS
Florent Daigniere, Cisco
Trust: 0.3
SOURCES
| db: | BID | id: | 44908 |
LAST UPDATE DATE
2022-05-17T02:10:00.668000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 44908 | date: | 2010-11-18T16:16:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 44908 | date: | 2010-11-17T00:00:00 |