CVE-2010-3038

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html	Vendor Advisory
http://www.trustmatta.com/advisories/MATTA-2010-001.txt
http://seclists.org/fulldisclosure/2010/Nov/167
http://www.securitytracker.com/id?1024753
http://www.securityfocus.com/bid/44924

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:::::::*
	cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:::::::*

OR	cpe:2.3:h:cisco:unified_videoconferencing_system_5110::::::::
	cpe:2.3:h:cisco:unified_videoconferencing_system_5115::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Information

Published : 2010-11-22 12:00

Updated : 2010-12-09 22:44

NVD link : CVE-2010-3038

Mitre link : CVE-2010-3038

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

cisco

unified_videoconferencing_system_5110
unified_videoconferencing_system_5110_firmware
unified_videoconferencing_system_5115
unified_videoconferencing_system_5115_firmware

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html", "name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", "name": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", "tags": [], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2010/Nov/167", "name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.securitytracker.com/id?1024753", "name": "1024753", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/44924", "name": "44924", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-3038", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-11-22T20:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-12-10T06:44Z"}

10.0 /10