VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3038
unified_videoconferencing_system_5110, unified_videoconferencing_system_5110_firm...: Cisco Unified Videoconferencing (UVC) System 5110 a...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3038

Original

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-11-22
Source Information Category:
Advisory, Alert
Last Updated:
2010-11-23




Affected Product Tags
cpe:/a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3
cpe:/a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3
cpe:/h:cisco:unified_videoconferencing_system_5110
cpe:/h:cisco:unified_videoconferencing_system_5115
cpe:/o:linux:linux_kernel
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
CISCO 20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products




FULLDISC 20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038




MISC http://www.trustmatta.com/advisories/MATTA-2010-001.txt




Vulnerability Type Credentials Management (CWE-255)




Copyright © 2010 JPCERT/CC All Rights Reserved.