VAR-201011-0450

Vulnerability from variot - Updated: 2022-05-17 02:10

Cisco Unified Videoconferencing is prone to multiple remote vulnerabilities and a weakness. An attacker can exploit these issue to gain unauthorized access to the affected device, gain access to sensitive information, compromise the affected device, and hijack a user's session. Other attacks are also possible. The following products are affected: Cisco Unified Videoconferencing 5110 System Cisco Unified Videoconferencing 5115 System Cisco Unified Videoconferencing 5230 System Cisco Unified Videoconferencing 3545 System Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU) This BID is being retired. The following individual records exist to better document the issues: 44922 Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities 44923 Cisco Unified Videoconferencing Password Obfuscation Vulnerability 44924 Cisco Unified Videoconferencing Hardcoded User Credentials Authentication Bypass Vulnerability 44925 Cisco Unified Videoconferencing Security Bypass Vulnerability 44926 Cisco Unified Videoconferencing Web Interface Weak Session Cookie Session Hijacking Vulnerability 44927 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability 44928 Cisco Unified Videoconferencing FTP Server Security Weakness 44929 Cisco Unified Videoconferencing Security Bypass Vulnerability 44936 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability

Show details on source website
To clipboard Create KEV Entry 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0450",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified videoconferencing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "52300"
      },
      {
        "model": "unified videoconferencing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "51150"
      },
      {
        "model": "unified videoconferencing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "51100"
      },
      {
        "model": "unified videoconferencing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35450"
      },
      {
        "model": "unified videoconferencing primary rate interface gate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35270"
      },
      {
        "model": "unified videoconferencing basic rate interfaces gatew",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35220"
      },
      {
        "model": "unified videoconferencing multipoint control unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35150"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "44908"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Florent Daigniere, Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "44908"
      }
    ],
    "trust": 0.3
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Videoconferencing is prone to multiple remote vulnerabilities and a weakness.\nAn attacker can exploit these issue to gain unauthorized access to the affected device, gain access to sensitive information,  compromise the affected device, and hijack a user\u0027s session. Other attacks are also possible.\nThe following products are affected:\nCisco Unified Videoconferencing 5110 System\nCisco Unified Videoconferencing 5115 System\nCisco Unified Videoconferencing 5230 System\nCisco Unified Videoconferencing 3545 System\nCisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway\nCisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway\nCisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU)\nThis BID is being retired. The following individual records exist to better document the issues:\n44922 Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities\n44923 Cisco Unified Videoconferencing Password Obfuscation Vulnerability\n44924 Cisco Unified Videoconferencing Hardcoded User Credentials Authentication Bypass Vulnerability\n44925 Cisco Unified Videoconferencing Security Bypass Vulnerability\n44926 Cisco Unified Videoconferencing Web Interface Weak Session Cookie Session Hijacking Vulnerability\n44927 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability\n44928 Cisco Unified Videoconferencing FTP Server Security Weakness\n44929 Cisco Unified Videoconferencing Security Bypass Vulnerability\n44936 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "44908"
      }
    ],
    "trust": 0.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "44908",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "44908"
      }
    ]
  },
  "id": "VAR-201011-0450",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6074469233333333
  },
  "last_update_date": "2022-05-17T02:10:00.668000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/hw/video/ps1870/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/514797"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/514798"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "44908"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "44908"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-17T00:00:00",
        "db": "BID",
        "id": "44908"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-18T16:16:00",
        "db": "BID",
        "id": "44908"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "44908"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RETIRED: Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness",
    "sources": [
      {
        "db": "BID",
        "id": "44908"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "44908"
      }
    ],
    "trust": 0.3
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.