Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Information
Published : 2010-11-22 12:00
Updated : 2010-11-29 21:00
NVD link : CVE-2010-4305
Mitre link : CVE-2010-4305
JSON object : View
CWE
CWE-310
Cryptographic Issues
Products Affected
cisco
- unified_videoconferencing_system_5230_firmware
- unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware
- unified_videoconferencing_system_5110
- unified_videoconferencing_system_5110_firmware
- unified_videoconferencing_system_5230
- unified_videoconferencing_system_5115
- unified_videoconferencing_system_3515_multipoint_control_unit_firmware
- unified_videoconferencing_system_3545_firmware
- unified_videoconferencing_system_3522_basic_rate_interface_gateway
- unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware
- unified_videoconferencing_system_3527_primary_rate_interface_gateway
- unified_videoconferencing_system_3515_multipoint_control_unit
- unified_videoconferencing_system_5115_firmware
- unified_videoconferencing_system_3545