CVE-2010-3037:unified_videoconferencing_system_5110, unified_videoconferencing_system_5110_firm...: goform/websXMLAdminRequestCgi.cgi in Cisco Unified ...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3037

unified_videoconferencing_system_5110, unified_videoconferencing_system_5110_firm...: goform/websXMLAdminRequestCgi.cgi in Cisco Unified ...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3037

Original

goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection v...

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-11-22

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-23

Affected Product Tags

cpe:/a:cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmware:7.0.1.13.3

cpe:/a:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware:7.0.1.13.3

cpe:/a:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware:7.0.1.13.3

cpe:/a:cisco:unified_videoconferencing_system_3545_firmware:7.0.1.13.3

cpe:/a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3

cpe:/a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3

cpe:/a:cisco:unified_videoconferencing_system_5230_firmware:7.0.1.13.3

cpe:/h:cisco:unified_videoconferencing_system_3515_multipoint_control_unit

cpe:/h:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway

cpe:/h:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway

cpe:/h:cisco:unified_videoconferencing_system_3545

cpe:/h:cisco:unified_videoconferencing_system_5110

cpe:/h:cisco:unified_videoconferencing_system_5115

cpe:/h:cisco:unified_videoconferencing_system_5230

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CISCO 20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products

FULLDISC 20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038

MISC http://www.trustmatta.com/advisories/MATTA-2010-001.txt

Vulnerability Type Code Injection (CWE-94)