VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-4302
unified_videoconferencing_system_5110, unified_videoconferencing_system_5110_firm...: /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4302

Original

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-11-22
Source Information Category:
Advisory, Alert
Last Updated:
2010-11-23




Affected Product Tags
cpe:/a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3
cpe:/a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3
cpe:/h:cisco:unified_videoconferencing_system_5110
cpe:/h:cisco:unified_videoconferencing_system_5115
cpe:/o:linux:linux_kernel
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CISCO 20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products




FULLDISC 20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038




MISC http://www.trustmatta.com/advisories/MATTA-2010-001.txt




Vulnerability Type Cryptographic Issues (CWE-310)




Copyright © 2010 JPCERT/CC All Rights Reserved.