CERTA-2010-AVI-561

Vulnerability from certfr_avis - Published: 2010-11-23 - Updated: 2010-11-23

De multiples vulnérabilités dans Cisco Unified Videoconferencing permettent, entre autres, de contourner la politique de sécurité.

Description

De multiples vulnérabilités ont été identifiées dans les produits Cisco Unified Videoconferencing. Leur exploitation permet notamment à une personne malintentionnée de contourner la politique de sécurité et d'exécuter ainsi des commandes avec le privilège administrateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Cisco N/A Cisco Unified Videoconferencing 3545 System ;
Cisco N/A Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway ;
Cisco N/A Cisco Unified Videoconferencing 5115 System ;
Cisco N/A Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU).
Cisco N/A Cisco Unified Videoconferencing 5230 System ;
Cisco N/A Cisco Unified Videoconferencing 5110 System ;
Cisco N/A Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway ;
References

Show details on source website
To clipboard Create KEV Entry 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Videoconferencing 3545 System ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Videoconferencing 5115 System ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Videoconferencing 5230 System ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Videoconferencing 5110 System ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Cisco\nUnified Videoconferencing. Leur exploitation permet notamment \u00e0 une\npersonne malintentionn\u00e9e de contourner la politique de s\u00e9curit\u00e9 et\nd\u0027ex\u00e9cuter ainsi des commandes avec le privil\u00e8ge administrateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3038"
    },
    {
      "name": "CVE-2010-3037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3037"
    }
  ],
  "initial_release_date": "2010-11-23T00:00:00",
  "last_revision_date": "2010-11-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20101117-cucv du 17 novembre    2010 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml"
    }
  ],
  "reference": "CERTA-2010-AVI-561",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Cisco Unified Videoconferencing\npermettent, entre autres, de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Videoconferencing",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 17 novembre 2010",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.