Executive Summary

Summary
Title Cisco Tandberg E, EX, and C Series default root credentials
Information
Name: VU#436854    First vendor publication: 2011-02-03
Vendor: VU-CERT    Last vendor modification: 2011-02-03
Severity (vendor): N/A    Revision: M

Security-Database Scoring CVSS v3

Cvss vector : N/A (no CVSS v3 vector has been assigned for this entry)
Overall CVSS Score: NA
Base Score: NA    Environmental Score: NA
Impact Sub Score: NA    Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10    Attack Range: Network
Cvss Impact Score 10    Attack Complexity: Low
Cvss Exploit Score 10    Authentication: None Required

Detail

Vulnerability Note VU#436854

Cisco Tandberg E, EX, and C Series default root credentials

Overview

Cisco's Tandberg C Series endpoints and E/EX personal video units running software versions prior to TC4.0.0 ship with the root account enabled by default and no password set on it.

I. Description

Cisco Advisory cisco-sa-20110202-tandberg states:

"This vulnerability affects Tandberg C Series Endpoints and E/EX Personal Video units, including software that is running on the C20, C40, C60, C90, E20, EX60, and EX90 codecs. The software version of the Tandberg unit can be determined by logging into the web-based user interface (UI) or using the "xStatus SystemUnit" command.

Users can determine the Tandberg software version by entering the IP address of the codec in a web browser, authenticating (if the device is configured for authentication), and then selecting the "system info" menu option. The version number is displayed after the "Software Version" label in the System Info box.

Alternatively the software version can be determined from the device's application programmer interface using the "xStatus SystemUnit" command. The software version running on the codec is displayed after the "SystemUnit Software Version" label. The output from "xStatus SystemUnit" will display a result similar to the following:"

    xStatus SystemUnit
    *s SystemUnit ProductType: "Cisco TelePresence Codec"
    *s SystemUnit ProductId: "Cisco TelePresence Codec C90"
    *s SystemUnit ProductPlatform: "C90"
    *s SystemUnit Uptime: 597095
    *s SystemUnit Software Application: "Endpoint"
    *s SystemUnit Software Version: "TC4.0"
    *s SystemUnit Software Name: "s52000"
    *s SystemUnit Software ReleaseDate: "2010-11-01"
    *s SystemUnit Software MaxVideoCalls: 3
    *s SystemUnit Software MaxAudioCalls: 4
    *s SystemUnit Software ReleaseKey: "true"
    *s SystemUnit Software OptionKeys NaturalPresenter: "true"
    *s SystemUnit Software OptionKeys MultiSite: "true"
    *s SystemUnit Software OptionKeys PremiumResolution: "true"
    *s SystemUnit Hardware Module SerialNumber: "B1AD25A00003"
    *s SystemUnit Hardware Module Identifier: "0"
    *s SystemUnit Hardware MainBoard SerialNumber: "PH0497201"
    *s SystemUnit Hardware MainBoard Identifier: "101401-3 [04]"
    *s SystemUnit Hardware VideoBoard SerialNumber: "PH0497874"
    *s SystemUnit Hardware VideoBoard Identifier: "101560-1 [02]"
    *s SystemUnit Hardware AudioBoard SerialNumber: "N/A"
    *s SystemUnit Hardware AudioBoard Identifier: ""
    *s SystemUnit Hardware BootSoftware: "U-Boot 2009.03-65"
    *s SystemUnit State System: Initialized
    *s SystemUnit State MaxNumberOfCalls: 3
    *s SystemUnit State MaxNumberOfActiveCalls: 3
    *s SystemUnit State NumberOfActiveCalls: 1
    *s SystemUnit State NumberOfSuspendedCalls: 0
    *s SystemUnit State NumberOfInProgressCalls: 0
    *s SystemUnit State Subsystem Application: Initialized
    *s SystemUnit ContactInfo: "helpdesk@company.com"
    ** end

II. Impact

An unauthenticated attacker who can reach the codec over the network may log in as root and gain complete administrative control of the device (the CVSS v2 vector above scores it AV:N/AC:L/Au:N with complete confidentiality, integrity and availability impact).

III. Solution

Apply an Update

Users should upgrade to version TC4.0.0 or later of the device software, disable the root account, and verify that the administrator account has a password set. Updates are available from the Cisco Software Center.

Devices running software version TC 4.0.0 or later

To disable the root account, an administrator should log in to the application programmer interface (API) and use the command "systemtools rootsettings off" to disable the account temporarily, or the command "systemtools rootsettings never" to disable the root user permanently.

The root user is enabled for advanced debugging. If the root user is needed, the password should be configured when the account is enabled. This can be done through the command "systemtools rootsettings on [password]".

The default configuration of devices running TC4.0.0 does not set a password for the administrator account either. Set it with the command "xCommand SystemUnit AdminPassword Set Password: [password]".

Devices running software versions prior to TC 4.0.0

The root user cannot be disabled on devices running software versions prior to TC4.0.0. On these versions the root account shares the administrator password, so setting the administrator password also closes the open root login until the device can be upgraded. The administrator password is set with the command "xCommand SystemUnit AdminPassword Set Password: [password]".
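The following is an added triage script, not code from the CERT note or from Cisco. It parses the "xStatus SystemUnit" output described in Section I, compares the "Software Version" field against TC4.0.0, and returns the remediation commands from Section III for that branch (upgrade plus admin password before TC4.0.0; root disable or root-with-password plus admin password from TC4.0.0 on). The TC4.0 sample is taken from the advisory's own output above; the TC3.1.4 sample is constructed, and the function and variable names are this example's own.

```python
"""Triage helper for VU#436854 / cisco-sa-20110202-tandberg.

Added example, not part of the advisory. Feed it the text of an
``xStatus SystemUnit`` response captured from a codec and it tells you
which of the advisory's remediation commands apply.
"""
import re
from typing import Dict, List, Optional, Tuple

# TC4.0.0 is the first release in which the root account can be disabled.
FIXED_VERSION = (4, 0, 0)

# Lines from the sample output printed in the advisory (a TC4.0 C90 codec),
# trimmed to the fields this script uses.
SAMPLE_TC40 = """\
*s SystemUnit ProductType: "Cisco TelePresence Codec"
*s SystemUnit ProductId: "Cisco TelePresence Codec C90"
*s SystemUnit ProductPlatform: "C90"
*s SystemUnit Software Application: "Endpoint"
*s SystemUnit Software Version: "TC4.0"
*s SystemUnit Software Name: "s52000"
** end
"""

# Constructed sample for a pre-fix codec (hypothetical values, not from the advisory).
SAMPLE_TC31 = """\
*s SystemUnit ProductId: "Cisco TelePresence Codec C40"
*s SystemUnit ProductPlatform: "C40"
*s SystemUnit Software Version: "TC3.1.4"
** end
"""

# One status line: '*s SystemUnit <Key words>: <value>'; values may be quoted.
_STATUS_LINE = re.compile(r'^\*s SystemUnit (?P<key>[A-Za-z ]+?): (?P<val>.*)$')


def parse_system_unit(text: str) -> Dict[str, str]:
    """Turn '*s SystemUnit Key Sub: "value"' lines into {'Key Sub': 'value'}."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = _STATUS_LINE.match(line.strip())
        if m:
            fields[m.group("key")] = m.group("val").strip().strip('"')
    return fields


def parse_tc_version(s: str) -> Optional[Tuple[int, int, int]]:
    """'TC4.0' -> (4, 0, 0); 'TC3.1.4' -> (3, 1, 4); None if not a TC version string."""
    m = re.match(r"^TC(\d+(?:\.\d+)*)", s.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    padded = (parts + (0, 0, 0))[:3]  # pad 'TC4.0' to three components
    return (padded[0], padded[1], padded[2])


def needs_upgrade(status: Dict[str, str]) -> bool:
    """True when the codec runs a release before TC4.0.0 (root cannot be disabled)."""
    ver = parse_tc_version(status.get("Software Version", ""))
    return ver is not None and ver < FIXED_VERSION


def remediation_plan(status: Dict[str, str], need_root: bool = False) -> List[str]:
    """Return the advisory's commands for this codec, in the order to run them."""
    ver = parse_tc_version(status.get("Software Version", ""))
    if ver is None:
        return ["unrecognised Software Version string; check the device manually"]
    plan: List[str] = []
    if ver < FIXED_VERSION:
        plan.append("upgrade to TC4.0.0 or later (root cannot be disabled before TC4.0.0)")
    elif need_root:
        # Root kept for debugging: the advisory says to set its password when enabling it.
        plan.append("systemtools rootsettings on <password>")
    else:
        plan.append("systemtools rootsettings never")
    # On every branch the admin account must get a password; before TC4.0.0
    # this is also what sets the root password.
    plan.append("xCommand SystemUnit AdminPassword Set Password: <password>")
    return plan


if __name__ == "__main__":
    for label, sample in (("advisory TC4.0 sample", SAMPLE_TC40), ("constructed TC3.1.4", SAMPLE_TC31)):
        st = parse_system_unit(sample)
        print(f"{label}: {st.get('ProductPlatform')} {st.get('Software Version')}")
        for step in remediation_plan(st):
            print("   ", step)
```

Run it with the captured output of "xStatus SystemUnit" in place of the embedded samples. The version comparison pads two-component strings such as "TC4.0" to three components so that TC4.0 and TC4.0.0 compare equal, and returns a manual-check message rather than a guess when the field is not a TC version at all.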

Vendor Information

Vendor                Status     Date Notified    Date Updated
Cisco Systems, Inc.   Affected                    2011-02-03

References

http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
http://secunia.com/advisories/43158/

Credit

This document was written by Jared Allar.

Other Information

Date Public: 2011-02-02
Date First Published: 2011-02-03
Date Last Updated: 2011-02-03
CERT Advisory: (none)
CVE-ID(s): CVE-2011-0354
NVD-ID(s): CVE-2011-0354
US-CERT Technical Alerts: (none)
Severity Metric: 99.00
Document Revision: 13

Original Source

Url : http://www.kb.cert.org/vuls/id/436854

CWE : Common Weakness Enumeration

%      Id        Name
100 %  CWE-255   Credentials Management

CPE : Common Platform Enumeration

Type          Description    Count
Application 6
Application 7
Hardware 4
Hardware 3

ExploitDB Exploits

Date          Description
2011-02-02 Tandberg E, EX and C Series Endpoints Default Credentials for Root Account

OpenVAS Exploits

Date Description
2012-11-14 Name : Cisco TANDBERG C Series and E/EX Series Default Credentials Authentication By...
File : nvt/gb_tandberg_46107.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68309 Cisco TANDBERG Default Unpassworded root Account

Alert History

Date Informations
2013-05-11 00:57:05
  • Multiple Updates