Executive Summary

Summary
Title Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability
Informations
Name cisco-sa-20110729-tp First vendor Publication 2011-07-28
Vendor Cisco Last vendor Modification 2011-07-29
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco TelePresence Recording Server Software Release 1.7.2.0 includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings.

A workaround exists to mitigate this vulnerability.

Cisco has released free software updates that address this vulnerability.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8 (...)

CWE : Common Weakness Enumeration

idName
CWE-255Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Open Source Vulnerability Database (OSVDB)

idDescription
74816Cisco TelePresence Recording Server root Account Default Password