Sign-up

ID

VAR-201307-0234


CVE

CVE-2013-3405


TITLE

Cisco TelePresence Run on the endpoint TC Vulnerabilities that bypass software authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-003325

DESCRIPTION

The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071. Vendors have confirmed this vulnerability Bug ID CSCud96071 It is released as.Authentication may be bypassed by sending arbitrary passwords by a third party. Cisco TelePresence TC Software is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain access to vulnerable devices. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCud96071. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect

Trust: 1.98

sources: NVD: CVE-2013-3405 // JVNDB: JVNDB-2013-003325 // BID: 61113 // VULHUB: VHN-63407

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence tc softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2013-003325 // CNNVD: CNNVD-201307-212 // NVD: CVE-2013-3405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3405
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3405
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-212
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63407
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3405
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63407
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63407 // JVNDB: JVNDB-2013-003325 // CNNVD: CNNVD-201307-212 // NVD: CVE-2013-3405

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63407 // JVNDB: JVNDB-2013-003325 // NVD: CVE-2013-3405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-212

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201307-212

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003325

PATCH
title:Cisco TC Software Empty Password Validation Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3405
Trust: 0.8
title:30030url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30030
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003325

EXTERNAL IDS
db:NVDid:CVE-2013-3405
Trust: 2.8
db:JVNDBid:JVNDB-2013-003325
Trust: 0.8
db:CNNVDid:CNNVD-201307-212
Trust: 0.7
db:CISCOid:20130710 CISCO TC SOFTWARE IMPROPER VALIDATION OF EMPTY PASSWORD
Trust: 0.6
db:BIDid:61113
Trust: 0.4
db:VULHUBid:VHN-63407
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63407 // 
            
            
            
            BID: 61113 // 
            
            
            
            JVNDB: JVNDB-2013-003325 // 
            
            
            
            CNNVD: CNNVD-201307-212 // 
            
            
            
            NVD: CVE-2013-3405

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3405
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3405
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3405
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63407 // 
            
            
            
            BID: 61113 // 
            
            
            
            JVNDB: JVNDB-2013-003325 // 
            
            
            
            CNNVD: CNNVD-201307-212 // 
            
            
            
            NVD: CVE-2013-3405

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 61113

SOURCES
db:VULHUBid:VHN-63407
db:BIDid:61113
db:JVNDBid:JVNDB-2013-003325
db:CNNVDid:CNNVD-201307-212
db:NVDid:CVE-2013-3405

LAST UPDATE DATE
2024-08-14T15:24:49.442000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63407date:2013-10-11T00:00:00
db:BIDid:61113date:2013-07-12T19:55:00
db:JVNDBid:JVNDB-2013-003325date:2013-07-12T00:00:00
db:CNNVDid:CNNVD-201307-212date:2013-07-17T00:00:00
db:NVDid:CVE-2013-3405date:2013-10-11T14:46:45.840

SOURCES RELEASE DATE
db:VULHUBid:VHN-63407date:2013-07-10T00:00:00
db:BIDid:61113date:2013-07-11T00:00:00
db:JVNDBid:JVNDB-2013-003325date:2013-07-12T00:00:00
db:CNNVDid:CNNVD-201307-212date:2013-07-17T00:00:00
db:NVDid:CVE-2013-3405date:2013-07-10T20:55:02.107