Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2010-05-27 |
| Product | Mediator Framework | Last view | 2010-05-27 |
| Version | 3.0.8 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:cisco:mediator_framework | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 10 | 2010-05-27 | CVE-2010-0600 | Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512. |
| 9.3 | 2010-05-27 | CVE-2010-0599 | Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505. |
| 9.3 | 2010-05-27 | CVE-2010-0598 | Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631. |
| 9 | 2010-05-27 | CVE-2010-0597 | Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges or cause a denial of service (device reload), via a (1) XML RPC or (2) XML RPC over HTTPS request, aka Bug ID CSCtb83618. |
| 9 | 2010-05-27 | CVE-2010-0596 | Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607. |
| 10 | 2010-05-27 | CVE-2010-0595 | Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 75% (3) | CWE-255 | Credentials Management |
| 25% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 65282 | Cisco Network Building Mediator Remote Configuration File Disclosure |
| 65281 | Cisco Network Building Mediator XML RPC Cleartext Admin Credential Remote Dis... |
| 65280 | Cisco Network Building Mediator HTTP Cleartext Admin Credential Remote Disclo... |
| 65279 | Cisco Network Building Mediator XML RPC Protocol Unspecified Privilege Escala... |
| 65278 | Cisco Network Building Mediator HTTP Unspecified Privilege Escalation |
| 65277 | Cisco Network Building Mediator Multiple Default Credentials |
