Executive Summary

Summary
TitleMultiple Vulnerabilities in Cisco Unified Videoconferencing Products
Informations
Namecisco-sa-20101206-cuvcFirst vendor Publication2010-12-02
VendorCiscoLast vendor Modification2010-12-06
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

This is the Cisco Product Security Incident Response Team (PSIRT) security advisory related to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products. Several of the vulnerabilities also impact Cisco Unified Videoconferencing 5200 and 3500 Series Products.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b5 (...)

CWE : Common Weakness Enumeration

idName
CWE-255Credentials Management
CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1
Application1
Application1
Application1
Application1
Application1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1

Open Source Vulnerability Database (OSVDB)

idDescription
69447Cisco Unified Videoconferencing (UVC) Multiple Products Multiple Account Defa...
69446Cisco Unified Videoconferencing (UVC) Multiple Products goform/websXMLAdminRe...