Sign-up

ID

VAR-201311-0298


CVE

CVE-2013-5558


TITLE

Cisco TelePresence VX Clinical Assistant of WIL-A Module access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005052

DESCRIPTION

The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID CSCuj17238. Vendors have confirmed this vulnerability Bug ID CSCuj17238 It is released as.A third party may gain access through the administration interface. Exploiting this issue could allow an attacker to bypass certain security restrictions and perform unauthorized actions on the device running the vulnerable application. This issue is being tracked by Cisco Bug ID CSCuj17238. The system can provide remote diagnosis, virtual nursing, medical education and other functions through high-definition video. The vulnerability is caused by an error in the program's handling of administrative passwords. When the system is restarted, the software resets the admin password to an empty password. An attacker could exploit this vulnerability to gain administrative privileges by logging into the management interface

Trust: 1.98

sources: NVD: CVE-2013-5558 // JVNDB: JVNDB-2013-005052 // BID: 63552 // VULHUB: VHN-65560

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence vx clinical assistantscope:eqversion:1.2

Trust: 1.6

vendor:ciscomodel:telepresence vx clinical assistantscope:ltversion:1.2

Trust: 0.8

vendor:ciscomodel:telepresence vx clinical assistantscope:eqversion:1.21

Trust: 0.8

sources: JVNDB: JVNDB-2013-005052 // CNNVD: CNNVD-201311-098 // NVD: CVE-2013-5558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5558
value: HIGH

Trust: 1.0

NVD: CVE-2013-5558
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201311-098
value: CRITICAL

Trust: 0.6

VULHUB: VHN-65560
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5558
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65560
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65560 // JVNDB: JVNDB-2013-005052 // CNNVD: CNNVD-201311-098 // NVD: CVE-2013-5558

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-65560 // JVNDB: JVNDB-2013-005052 // NVD: CVE-2013-5558

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-098

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201311-098

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005052

PATCH
title:cisco-sa-20131106-tvxcaurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-tvxca
Trust: 0.8
title:31571url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31571
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005052

EXTERNAL IDS
db:NVDid:CVE-2013-5558
Trust: 2.8
db:BIDid:63552
Trust: 1.0
db:JVNDBid:JVNDB-2013-005052
Trust: 0.8
db:CNNVDid:CNNVD-201311-098
Trust: 0.7
db:NSFOCUSid:25227
Trust: 0.6
db:CISCOid:20131106 CISCO TELEPRESENCE VX CLINICAL ASSISTANT ADMINISTRATIVE PASSWORD RESET VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-65560
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65560 // 
            
            
            
            BID: 63552 // 
            
            
            
            JVNDB: JVNDB-2013-005052 // 
            
            
            
            CNNVD: CNNVD-201311-098 // 
            
            
            
            NVD: CVE-2013-5558

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131106-tvxca
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5558
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5558
Trust: 0.8
url:http://www.securityfocus.com/bid/63552
Trust: 0.6
url:http://www.nsfocus.net/vulndb/25227
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65560 // 
            
            
            
            BID: 63552 // 
            
            
            
            JVNDB: JVNDB-2013-005052 // 
            
            
            
            CNNVD: CNNVD-201311-098 // 
            
            
            
            NVD: CVE-2013-5558

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 63552 // 
            
            
            
            CNNVD: CNNVD-201311-098

SOURCES
db:VULHUBid:VHN-65560
db:BIDid:63552
db:JVNDBid:JVNDB-2013-005052
db:CNNVDid:CNNVD-201311-098
db:NVDid:CVE-2013-5558

LAST UPDATE DATE
2025-04-11T23:19:27.211000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65560date:2013-11-08T00:00:00
db:BIDid:63552date:2013-11-06T00:00:00
db:JVNDBid:JVNDB-2013-005052date:2013-11-11T00:00:00
db:CNNVDid:CNNVD-201311-098date:2013-11-08T00:00:00
db:NVDid:CVE-2013-5558date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65560date:2013-11-08T00:00:00
db:BIDid:63552date:2013-11-06T00:00:00
db:JVNDBid:JVNDB-2013-005052date:2013-11-11T00:00:00
db:CNNVDid:CNNVD-201311-098date:2013-11-08T00:00:00
db:NVDid:CVE-2013-5558date:2013-11-08T04:47:23.040