CVE-2010-0600

2010-05-2719:30:01

CWE-264

[email protected]

web.nvd.nist.gov

cisco

mediator framework

remote access

vulnerability

cve-2010-0600

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.

Affected configurations

NVD

Node

ciscomediator_frameworkMatch1.5.1

ciscomediator_frameworkMatch2.2

ciscomediator_frameworkMatch3.0.8

AND

cisconetwork_building_mediator_nbm-2400

cisconetwork_building_mediator_nbm-4800

ciscorichards-zeta_mediator_2500

CPENameOperatorVersion
cisco:mediator_frameworkcisco mediator frameworkeq1.5.1
cisco:mediator_frameworkcisco mediator frameworkeq2.2
cisco:mediator_frameworkcisco mediator frameworkeq3.0.8

CPE	Name	Operator	Version
cisco:mediator_framework	cisco mediator framework	eq	1.5.1
cisco:mediator_framework	cisco mediator framework	eq	2.2
cisco:mediator_framework	cisco mediator framework	eq	3.0.8