CVE-2010-0598

2010-05-2719:30:01

CWE-255

[email protected]

web.nvd.nist.gov

cisco

mediator framework

nbm-2400

nbm-4800

richards-zeta

http

encryption

remote attackers

administrator credentials

vulnerability

cve-2010-0598

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.9%

JSON

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631.

Affected configurations

NVD

Node

ciscomediator_frameworkMatch1.5.1

ciscomediator_frameworkMatch2.2

ciscomediator_frameworkMatch3.0.8

AND

cisconetwork_building_mediator_nbm-2400

cisconetwork_building_mediator_nbm-4800

ciscorichards-zeta_mediator_2500

CPENameOperatorVersion
cisco:mediator_frameworkcisco mediator frameworkeq1.5.1
cisco:mediator_frameworkcisco mediator frameworkeq2.2
cisco:mediator_frameworkcisco mediator frameworkeq3.0.8

CPE	Name	Operator	Version
cisco:mediator_framework	cisco mediator framework	eq	1.5.1
cisco:mediator_framework	cisco mediator framework	eq	2.2
cisco:mediator_framework	cisco mediator framework	eq	3.0.8