Lucene search

[email protected]CVE-2010-3037

HistoryNov 22, 2010 - 8:00 p.m.

CVE-2010-3037

2010-11-2220:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-3037

cisco

unified videoconferencing

uvc

system 5110

5115

3545

5230

3527

3522

3515

authentication

shell command injection vulnerability

bug id cscti54059

7.9 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.0%

JSON

goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a “shell command injection vulnerability,” aka Bug ID CSCti54059.

CPENameOperatorVersion
cisco:unified_videoconferencing_system_5110_firmwarecisco unified videoconferencing system 5110 firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_5115_firmwarecisco unified videoconferencing system 5115 firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_5110cisco unified videoconferencing system 5110eq*
cisco:unified_videoconferencing_system_5115cisco unified videoconferencing system 5115eq*
cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmwarecisco unified videoconferencing system 3515 multipoint control unit firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmwarecisco unified videoconferencing system 3522 basic rate interface gateway firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmwarecisco unified videoconferencing system 3527 primary rate interface gateway firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_3545_firmwarecisco unified videoconferencing system 3545 firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_5230_firmwarecisco unified videoconferencing system 5230 firmwareeq7.0.1.13.3
cisco:unified_videoconferencing_system_3515_multipoint_control_unitcisco unified videoconferencing system 3515 multipoint control uniteq*

CPE	Name	Operator	Version
cisco:unified_videoconferencing_system_5110_firmware	cisco unified videoconferencing system 5110 firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_5115_firmware	cisco unified videoconferencing system 5115 firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_5110	cisco unified videoconferencing system 5110	eq	*
cisco:unified_videoconferencing_system_5115	cisco unified videoconferencing system 5115	eq	*
cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmware	cisco unified videoconferencing system 3515 multipoint control unit firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware	cisco unified videoconferencing system 3522 basic rate interface gateway firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware	cisco unified videoconferencing system 3527 primary rate interface gateway firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_3545_firmware	cisco unified videoconferencing system 3545 firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_5230_firmware	cisco unified videoconferencing system 5230 firmware	eq	7.0.1.13.3
cisco:unified_videoconferencing_system_3515_multipoint_control_unit	cisco unified videoconferencing system 3515 multipoint control unit	eq	*

Rows per page:

1-10 of 141

References

seclists.org/fulldisclosure/2010/Nov/167

www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html

www.securityfocus.com/bid/44922

www.securitytracker.com/id?1024753

www.trustmatta.com/advisories/MATTA-2010-001.txt

7.9 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2010-3037

prion1 securityvulns3