ID
VAR-E-201011-0644
TITLE
Cisco Unified Videoconferencing Password Obfuscation Vulnerability
Trust: 0.3
DESCRIPTION
Cisco Unified Videoconferencing is prone to a weak-password obfuscation vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected device.
This issue is being tracked by Cisco bug ID CSCti54010.
The following products are affected:
Cisco Unified Videoconferencing 5110 System
Cisco Unified Videoconferencing 5115 System
Cisco Unified Videoconferencing 5230 System
Cisco Unified Videoconferencing 3545 System
Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway
Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway
Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU)
NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 52300 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 51100 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | eq | version: | 35450 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | eq | version: | 35270 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | eq | version: | 35220 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | eq | version: | 35150 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 52307.1.2.15 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 51157.1.2.15 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 51107.1.2.12 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing system | scope: | ne | version: | 35455.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing primary rate interface gate | scope: | ne | version: | 35275.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing basic rate interfaces gatew | scope: | ne | version: | 35225.7.2 | Trust: 0.3 |
| vendor: | cisco | model: | unified videoconferencing multipoint control unit | scope: | ne | version: | 35155.7.2 | Trust: 0.3 |
EXPLOIT
The vendor indicates that exploit code is available to aid in recovering the device's hashed passwords.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Florent Daigniere
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 44923 | Trust: 0.3 |
REFERENCES
| url: | http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml | Trust: 0.3 |
| url: | http://www.cisco.com/warp/public/707/cisco-sa-20101206-cuvc.shtml | Trust: 0.3 |
| url: | http://www.cisco.com/en/us/products/hw/video/ps1870/index.html | Trust: 0.3 |
SOURCES
| db: | BID | id: | 44923 |
LAST UPDATE DATE
2022-07-27T09:27:58.503000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 44923 | date: | 2010-12-06T19:55:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 44923 | date: | 2010-11-17T00:00:00 |