CVE-2010-4305

Published Nov 22, 2010

Last updated 3 months ago

CVSS info 5.0

Overview

Description: Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCDF0DD6-EF3E-4758-A715-1814EA7D603D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "619E7A89-B6B3-4E3B-BB63-5B142920984B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45DF769C-376D-4D65-B36E-E0F19BD7C8D0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "615E1C8A-DC4D-40B4-BF9F-E218469E9749"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmware:7.0.1.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "747652A1-71DC-4297-B77F-8200151D35F6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76FFD574-E006-41C0-A36F-1A92E9010C4C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDB5B5AD-380E-4D47-9709-EC061E96AD8E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_3545_firmware:7.0.1.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71B219F7-72B2-4E99-B2D7-2F561E909EAD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_5230_firmware:7.0.1.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62E823AD-E1BA-42F2-8BB6-61E73B95A47F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_3515_multipoint_control_unit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC69B14E-5496-42EC-A4D2-A75D49338543"
          },
          {
            "criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63A8BAE9-E148-49AF-B1AB-FA2B9705B549"
          },
          {
            "criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B06F2E5A-B4FE-4C66-B74C-B937B16F4369"
          },
          {
            "criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_3545:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1418C4B0-ECF7-496D-9557-73C89CCD5F9B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_5230:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC12B370-8B14-4A8D-9489-66A042316617"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References