Executive Summary

Title Cisco Network Building Mediator products contain multiple vulnerabilities
Name VU#757804 First vendor Publication 2010-06-02
Vendor VU-CERT Last vendor Modification 2010-07-12
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#757804

Cisco Network Building Mediator products contain multiple vulnerabilities


Cisco Network Building Mediator (NBM) products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or to cause a denial of service.

I. Description

Cisco Network Building Mediator (NBM) products are designed to manage facility energy use. NBM products support automation protocols such as BACnet and Modbus; IT network protocols such as IP, SNMP, SSH, and HTTP/S; and application protocols like XML-RPC and SOAP. NBM products are affected by multiple vulnerabilities, including default administrative credentials, privilege escalation, plaintext transmission of credentials, and unauthenticated access to a file containing credentials. An attacker can exploit these vulnerabilities using several attack vectors over SSH, HTTP/S, and XML-RPC.

Cisco Security Advisory cisco-sa-20100526-mediator notes: "These vulnerabilities affect the legacy Richards-Zeta Mediator 2500 product and Cisco Network Building Mediator NBM-2400 and NBM-4800 models. All Mediator Framework software releases prior to 3.1.1 are affected by all vulnerabilities listed in this security advisory."

See also ICS-CERT Advisory ICSA-10-147-01.

II. Impact

These vulnerabilities could allow an unauthenticated, remote attacker to gain complete control over the mediator. An authorized user could gain administrative privileges, and a remote attacker could cause a denial of service.

III. Solution

As reported in cisco-sa-20100526-mediator, the first fixed releases are 1.5.1.build.14-eng, 2.2.1.dev.1, and 3.0.9.release.1.

Cisco Security Advisory cisco-sa-20100526-mediator and the associated Applied Mitigation Bulletin provide detailed information about workarounds and mitigation techniques, including changing default passwords, disabling unencrypted services, restricting access, and detecting possible attacks.

Vendor Information

VendorStatusDate NotifiedDate Updated
Cisco Systems, Inc.Affected2010-06-03




Information from Secunia and Cisco was used in this document.

This document was written by Art Manion.

Other Information

Date Public:2010-05-26
Date First Published:2010-06-02
Date Last Updated:2010-07-12
CERT Advisory: 
US-CERT Technical Alerts: 
Document Revision:16

Original Source

Url : http://www.kb.cert.org/vuls/id/757804

CWE : Common Weakness Enumeration

% Id Name
75 % CWE-255 Credentials Management
25 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Application 3

Open Source Vulnerability Database (OSVDB)

Id Description
65282 Cisco Network Building Mediator Remote Configuration File Disclosure

65281 Cisco Network Building Mediator XML RPC Cleartext Admin Credential Remote Dis...

65280 Cisco Network Building Mediator HTTP Cleartext Admin Credential Remote Disclo...

65279 Cisco Network Building Mediator XML RPC Protocol Unspecified Privilege Escala...

65278 Cisco Network Building Mediator HTTP Unspecified Privilege Escalation

65277 Cisco Network Building Mediator Multiple Default Credentials

Alert History

If you want to see full details history, please login or register.
Date Informations
2013-05-11 00:57:21
  • Multiple Updates