VAR-201011-0300
Vulnerability from variot - Updated: 2022-05-17 02:08Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The SSH server has a restricted shell, but the SSH server configuration allows X.11 to forward and create SOCK proxies. The misconfiguration of this service only affects Linux-based Cisco UVC products. Cisco Unified Videoconferencing is prone to a security bypass vulnerability. Successful exploits compromise the affected device or cause a denial-of-service condition. These issues are being tracked by Cisco bug ID CSCti54047. NOTE: These issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201011-0300",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified videoconferencing multipoint control unit",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3515"
},
{
"model": "unified videoconferencing prinary rate interface gataway",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3527"
},
{
"model": "unified videoconferencing basic rate interfaces gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3522"
},
{
"model": "unified videoconferencing system",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3545"
},
{
"model": "unified videoconferencing system",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5110"
},
{
"model": "unified videoconferencing system",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5115"
},
{
"model": "unified videoconferencing system",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5230"
},
{
"model": "unified videoconferencing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "52300"
},
{
"model": "unified videoconferencing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "51150"
},
{
"model": "unified videoconferencing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "51100"
},
{
"model": "unified videoconferencing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35450"
},
{
"model": "unified videoconferencing primary rate interface gate",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35270"
},
{
"model": "unified videoconferencing basic rate interfaces gatew",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35220"
},
{
"model": "unified videoconferencing multipoint control unit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35150"
},
{
"model": "unified videoconferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified videoconferencing system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "52307.1.2.15"
},
{
"model": "unified videoconferencing system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "51157.1.2.15"
},
{
"model": "unified videoconferencing system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "51107.1.2.12"
},
{
"model": "unified videoconferencing system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "35455.7.2"
},
{
"model": "unified videoconferencing primary rate interface gate",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "35275.7.2"
},
{
"model": "unified videoconferencing basic rate interfaces gatew",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "35225.7.2"
},
{
"model": "unified videoconferencing multipoint control unit",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "35155.7.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2841"
},
{
"db": "BID",
"id": "44925"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Florent Daigniere",
"sources": [
{
"db": "BID",
"id": "44925"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The SSH server has a restricted shell, but the SSH server configuration allows X.11 to forward and create SOCK proxies. The misconfiguration of this service only affects Linux-based Cisco UVC products. Cisco Unified Videoconferencing is prone to a security bypass vulnerability. \nSuccessful exploits compromise the affected device or cause a denial-of-service condition. \nThese issues are being tracked by Cisco bug ID CSCti54047. \nNOTE: These issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2841"
},
{
"db": "BID",
"id": "44925"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "44925",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2010-2841",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2841"
},
{
"db": "BID",
"id": "44925"
}
]
},
"id": "VAR-201011-0300",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2841"
}
],
"trust": 1.342245934
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2841"
}
]
},
"last_update_date": "2022-05-17T02:08:19.432000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/514798http"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/hw/video/ps1870/index.html"
},
{
"trust": 0.3,
"url": "/archive/1/514797"
},
{
"trust": 0.3,
"url": "/archive/1/514798"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20101206-cuvc.shtml"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2841"
},
{
"db": "BID",
"id": "44925"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-2841"
},
{
"db": "BID",
"id": "44925"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2841"
},
{
"date": "2010-11-17T00:00:00",
"db": "BID",
"id": "44925"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2841"
},
{
"date": "2010-12-06T19:55:00",
"db": "BID",
"id": "44925"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "44925"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Videoconferencing Locks OpenSSH Configuration Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2841"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "44925"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…