CVE-2010-4302

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.trustmatta.com/advisories/MATTA-2010-001.txt
http://seclists.org/fulldisclosure/2010/Nov/167
http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:::::::*
	cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:::::::*

OR	cpe:2.3:h:cisco:unified_videoconferencing_system_5115::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:h:cisco:unified_videoconferencing_system_5110::::::::

Information

Published : 2010-11-22 12:00

Updated : 2010-11-29 21:00

NVD link : CVE-2010-4302

Mitre link : CVE-2010-4302

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

cisco

unified_videoconferencing_system_5110
unified_videoconferencing_system_5110_firmware
unified_videoconferencing_system_5115
unified_videoconferencing_system_5115_firmware

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", "name": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", "tags": [], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2010/Nov/167", "name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html", "name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", "tags": ["Vendor Advisory"], "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4302", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-11-22T20:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-11-30T05:00Z"}

4.9 /10