Details of VAR-E-201011-1064

ID

VAR-E-201011-1064

TITLE

RETIRED: Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness

Trust: 0.3

sources: BID: 44908

DESCRIPTION

Cisco Unified Videoconferencing is prone to multiple remote vulnerabilities and a weakness.
An attacker can exploit these issue to gain unauthorized access to the affected device, gain access to sensitive information, compromise the affected device, and hijack a user's session. Other attacks are also possible.
The following products are affected:
Cisco Unified Videoconferencing 5110 System
Cisco Unified Videoconferencing 5115 System
Cisco Unified Videoconferencing 5230 System
Cisco Unified Videoconferencing 3545 System
Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway
Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway
Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU)
This BID is being retired. The following individual records exist to better document the issues:
44922 Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities
44923 Cisco Unified Videoconferencing Password Obfuscation Vulnerability
44924 Cisco Unified Videoconferencing Hardcoded User Credentials Authentication Bypass Vulnerability
44925 Cisco Unified Videoconferencing Security Bypass Vulnerability
44926 Cisco Unified Videoconferencing Web Interface Weak Session Cookie Session Hijacking Vulnerability
44927 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability
44928 Cisco Unified Videoconferencing FTP Server Security Weakness
44929 Cisco Unified Videoconferencing Security Bypass Vulnerability
44936 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability

Trust: 0.3

sources: BID: 44908

AFFECTED PRODUCTS

vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	52300	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	51150	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	51100	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing system	scope:	eq	version:	35450	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing primary rate interface gate	scope:	eq	version:	35270	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing basic rate interfaces gatew	scope:	eq	version:	35220	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing multipoint control unit	scope:	eq	version:	35150	Trust: 0.3

sources: BID: 44908

EXPLOIT

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Note: Some of these issues may not require a specific exploit.

Trust: 0.3

sources: BID: 44908

PRICE

Free

Trust: 0.3

sources: BID: 44908

TYPE

Unknown

Trust: 0.3

sources: BID: 44908

CREDITS

Florent Daigniere, Cisco

Trust: 0.3

sources: BID: 44908

EXTERNAL IDS

db:

BID

id:

44908

Trust: 0.3

sources: BID: 44908

REFERENCES

url:	http://www.cisco.com/en/us/products/hw/video/ps1870/index.html	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml	Trust: 0.3

sources: BID: 44908

SOURCES

db:

BID

id:

44908

LAST UPDATE DATE

2022-07-27T09:27:58.257000+00:00

SOURCES UPDATE DATE

db:

BID

id:

44908

date:

2010-11-18T16:16:00

SOURCES RELEASE DATE

db:

BID

id:

44908

date:

2010-11-17T00:00:00