Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-4305

Опубликовано: 22 нояб. 2010
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_3545_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_5230_firmware:7.0.1.13.3:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:unified_videoconferencing_system_3515_multipoint_control_unit:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_3545:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_5230:*:*:*:*:*:*:*:*

EPSS

Процентиль: 49%
0.0026
Низкий

5 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

github логотип

GHSA-wr7g-9fxm-4x77

github
больше 3 лет назад

Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052.

EPSS

Процентиль: 49%
0.0026
Низкий

5 Medium

CVSS2

Дефекты

CWE-310