CERTVU:436854Cisco Tandberg E, EX, and C Series default root credentials
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.051 Low
EPSS
Percentile
93.0%
Overview
Cisco’s Tandberg C series endpoints and E/EX personal video units that run software versions prior to TC4.0.0 have a root administrator account enabled by default with no password.
Description
Cisco Advisory cisco-sa-20110202-tandberg states:
"This vulnerability affects Tandberg C Series Endpoints and E/EX Personal Video units, including software that is running on the C20, C40, C60, C90, E20, EX60, and EX90 codecs. The software version of the Tandberg unit can be determined by logging into the web-based user interface (UI) or using the “xStatus SystemUnit” command.
Users can determine the Tandberg software version by entering the IP address of the codec in a web browser, authenticating (if the device is configured for authentication), and then selecting the “system info” menu option. The version number is displayed after the “Software Version” label in the System Info box.
Alternatively the software version can be determined from the device’s application programmer interface using the “xStatus SystemUnit” command. The software version running on the codec is displayed after the “SystemUnit Software Version” label. The output from “xStatus SystemUnit” will display a result similar to the following:"
_ xStatus SystemUnit_
_ *s SystemUnit ProductType: "Cisco TelePresence Codec"_
_ *s SystemUnit ProductId: "Cisco TelePresence Codec C90"_
_ *s SystemUnit ProductPlatform: "C90"_
_ *s SystemUnit Uptime: 597095_
_ *s SystemUnit Software Application: "Endpoint"_
_ *s SystemUnit Software Version: "TC4.0"_
_ *s SystemUnit Software Name: "s52000"_
_ *s SystemUnit Software ReleaseDate: "2010-11-01"_
_ *s SystemUnit Software MaxVideoCalls: 3_
_ *s SystemUnit Software MaxAudioCalls: 4_
_ *s SystemUnit Software ReleaseKey: "true"_
_ *s SystemUnit Software OptionKeys NaturalPresenter: "true"_
_ *s SystemUnit Software OptionKeys MultiSite: "true"_
_ *s SystemUnit Software OptionKeys PremiumResolution: "true"_
_ *s SystemUnit Hardware Module SerialNumber: "B1AD25A00003"_
_ *s SystemUnit Hardware Module Identifier: "0"_
_ *s SystemUnit Hardware MainBoard SerialNumber: "PH0497201"_
_ *s SystemUnit Hardware MainBoard Identifier: "101401-3 [04]"_
_ *s SystemUnit Hardware VideoBoard SerialNumber: "PH0497874"_
_ *s SystemUnit Hardware VideoBoard Identifier: "101560-1 [02]"_
_ *s SystemUnit Hardware AudioBoard SerialNumber: "N/A"_
_ *s SystemUnit Hardware AudioBoard Identifier: _
_ *s SystemUnit Hardware BootSoftware: "U-Boot 2009.03-65"_
_ *s SystemUnit State System: Initialized_
_ *s SystemUnit State MaxNumberOfCalls: 3_
_ *s SystemUnit State MaxNumberOfActiveCalls: 3_
_ *s SystemUnit State NumberOfActiveCalls: 1_
_ *s SystemUnit State NumberOfSuspendedCalls: 0_
_ *s SystemUnit State NumberOfInProgressCalls: 0_
_ *s SystemUnit State Subsystem Application: Initialized_
_ *s SystemUnit ContactInfo: "[email protected]"_
_ ** end_
Impact
An attacker may be able to gain complete administrative control of the device.
Solution
Apply an Update
Users should upgrade to version TC4.0.0 or later of the device software, disable the root account, and verify the administrator account has a password set. Updates are available from the Cisco Software Area.
Devices running software version TC 4.0.0 or later ** **
To disable the root account, an administrator should log in to the applications programmer interface and use the command “systemtools rootsettings off” to temporarily disable the account, or the command “systemtools rootsettings never” to permanently disable the root user.
The root user is enabled for advanced debugging. If the root user is needed, the password should be configured when the account is enabled. This can be done through the command “systemtools rootsettings on [password]”.
The default configuration of devices running TC4.0.0 does not contain a password for the administrator account. The password for the administrator account should be set with the command “xCommand SystemUnit AdminPassword Set Password: [password]”.
Devices running software versions prior to TC 4.0.0
The root user cannot be disabled on devices running software versions prior to TC4.0.0. The password for the root account is the same as the administrator password. The administrator password is set with the command “xCommand SystemUnit AdminPassword Set Password: [password]”.
Vendor Information
436854
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Cisco Systems, Inc. Affected
Updated: February 03, 2011
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml>
- <http://www.cisco.com/public/sw-center/sw-usingswc.shtml>
- <http://secunia.com/advisories/43158/>
Acknowledgements
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2011-0354 |
|---|---|
| Severity Metric: | 99.00 Date Public: |
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.051 Low
EPSS
Percentile
93.0%