Executive Summary

Summary
TitleCisco TelePresence Recording Server Default Credentials for Root Account Vulnerability
Informations
Namecisco-sa-20110729-tpFirst vendor Publication2011-07-28
VendorCiscoLast vendor Modification2011-07-29
Severity (Vendor) N/ARevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco TelePresence Recording Server Software Release 1.7.2.0 includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings.

A workaround exists to mitigate this vulnerability.

Cisco has released free software updates that address this vulnerability.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8 (...)

CWE : Common Weakness Enumeration

idName
CWE-255Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Open Source Vulnerability Database (OSVDB)

idDescription
74816Cisco TelePresence Recording Server root Account Default Password