Details of VAR-201308-0221

ID

VAR-201308-0221

CVE

CVE-2013-3454

TITLE

plural Cisco TelePresence System Runs on device Cisco TelePresence System Software Vulnerable to change settings

Trust: 0.8

sources: JVNDB: JVNDB-2013-003680

DESCRIPTION

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. Vendors report this vulnerability Bug ID CSCui43128 Published as.By a third party, HTTPS Via request, settings may be changed or arbitrary actions may be taken. Cisco TelePresence System Software is prone to an unauthorized-access vulnerability Attackers can exploit this issue to gain unauthorized administrative access to affected system. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCui43128. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. A remote attacker can exploit this vulnerability to modify the configuration or perform arbitrary operations through HTTPS requests

Trust: 1.98

sources: NVD: CVE-2013-3454 // JVNDB: JVNDB-2013-003680 // BID: 61659 // VULHUB: VHN-63456

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.6	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.5	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.3\(4042\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.6\(4109\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.3	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.2	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.5\(4097\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.2\(4023\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.4\(4072\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.4	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	cisco	model:	telepresence system 3210	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system 1300-65	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.1	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.0\(46\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.2.3\(1101\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.13	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.2\(11\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.5	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.0.2\(4719\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3200	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.3\(2115\)	Trust: 1.0
vendor:	cisco	model:	telepresence system tx9200	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.1	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.5\(42\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 500-37	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.6\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.8\(4222\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.10\(3648\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.0.1\(3\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.7\(4212\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.4.7\(2229\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.0\(3954\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.4	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.0.1\(4764\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.1\(4864\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.0.1\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.10	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.3	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	1.10.1	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.0	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.4.7	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.0\(55\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.11\(3659\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.12	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.2	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.2\(4937\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 500-32	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.8	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.2\(28\)	Trust: 1.0
vendor:	cisco	model:	telepresence system tx9000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.3	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.4\(270\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.1\(2082\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.1\(68\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.12\(3701\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.7	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.2.1\(2\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3010	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.11	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.13\(3717\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.3\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.1\(50\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.6	Trust: 1.0
vendor:	cisco	model:	telepresence system 1300	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.1\(34\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.3.2\(1393\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 1300 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 1300-65	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3010	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3200	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3210	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 500-32	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 500-37	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.1 to 1.10.1 (500-37	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1300	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1x00	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	3x00	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	30x0 series )	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	6.0.3 (500-32	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	tx1310	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	tx9x00 series )	Trust: 0.8
vendor:	cisco	model:	telepresence system tx1310	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx9000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx9200	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2013-003680 // CNNVD: CNNVD-201308-126 // NVD: CVE-2013-3454

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3454
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3454
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201308-126
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-63456
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3454
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63456
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63456 // JVNDB: JVNDB-2013-003680 // CNNVD: CNNVD-201308-126 // NVD: CVE-2013-3454

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-63456 // JVNDB: JVNDB-2013-003680 // NVD: CVE-2013-3454

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-126

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201308-126

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003680

PATCH

title:	cisco-sa-20130807-tp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp	Trust: 0.8
title:	30323	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30323	Trust: 0.8

sources: JVNDB: JVNDB-2013-003680

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3454	Trust: 2.8
db:	BID	id:	61659	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003680	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-126	Trust: 0.7
db:	CISCO	id:	20130807 CISCO TELEPRESENCE SYSTEM DEFAULT CREDENTIALS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-63456	Trust: 0.1

sources: VULHUB: VHN-63456 // BID: 61659 // JVNDB: JVNDB-2013-003680 // CNNVD: CNNVD-201308-126 // NVD: CVE-2013-3454

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130807-tp	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3454	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3454	Trust: 0.8
url:	http://www.securityfocus.com/bid/61659	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps7060/index.html	Trust: 0.3

sources: VULHUB: VHN-63456 // BID: 61659 // JVNDB: JVNDB-2013-003680 // CNNVD: CNNVD-201308-126 // NVD: CVE-2013-3454

CREDITS

Cisco

Trust: 0.9

sources: BID: 61659 // CNNVD: CNNVD-201308-126

SOURCES

db:	VULHUB	id:	VHN-63456
db:	BID	id:	61659
db:	JVNDB	id:	JVNDB-2013-003680
db:	CNNVD	id:	CNNVD-201308-126
db:	NVD	id:	CVE-2013-3454

LAST UPDATE DATE

2024-08-14T13:48:23.062000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63456	date:	2013-08-09T00:00:00
db:	BID	id:	61659	date:	2013-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-003680	date:	2013-08-12T00:00:00
db:	CNNVD	id:	CNNVD-201308-126	date:	2013-08-14T00:00:00
db:	NVD	id:	CVE-2013-3454	date:	2013-08-09T17:55:27.520

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63456	date:	2013-08-08T00:00:00
db:	BID	id:	61659	date:	2013-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-003680	date:	2013-08-12T00:00:00
db:	CNNVD	id:	CNNVD-201308-126	date:	2013-08-14T00:00:00
db:	NVD	id:	CVE-2013-3454	date:	2013-08-08T14:55:08.717