Lucene search

[email protected]CVE-2010-3038

HistoryNov 22, 2010 - 8:00 p.m.

CVE-2010-3038

2010-11-2220:00:03

CWE-255

[email protected]

web.nvd.nist.gov

cve-2010-3038

cisco

unified videoconferencing

uvc

system

default password

linux

ftp

ssh

remote access

vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.2%

JSON

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.

Affected configurations

NVD

Node

ciscounified_videoconferencing_system_5110_firmwareMatch7.0.1.13.3

ciscounified_videoconferencing_system_5115_firmwareMatch7.0.1.13.3

AND

ciscounified_videoconferencing_system_5110

ciscounified_videoconferencing_system_5115

linuxlinux_kernel

CPENameOperatorVersion
cisco:unified_videoconferencing_system_5110_firmwarecisco unified videoconferencing system 5110 firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_5115_firmwarecisco unified videoconferencing system 5115 firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_5110cisco unified videoconferencing system 5110eq*
cisco:unified_videoconferencing_system_5115cisco unified videoconferencing system 5115eq*

CPE	Name	Operator	Version
cisco:unified_videoconferencing_system_5110_firmware	cisco unified videoconferencing system 5110 firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_5115_firmware	cisco unified videoconferencing system 5115 firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_5110	cisco unified videoconferencing system 5110	eq	*
cisco:unified_videoconferencing_system_5115	cisco unified videoconferencing system 5115	eq	*

References

seclists.org/fulldisclosure/2010/Nov/167

www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html

www.securityfocus.com/bid/44924

www.securitytracker.com/id?1024753

www.trustmatta.com/advisories/MATTA-2010-001.txt

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for CVE-2010-3038

prion1 cvelist1 nvd1 securityvulns3