Executive Summary

Title Multiple Vulnerabilities in Cisco Network Building Mediator
Name cisco-sa-20100526-mediator First vendor Publication 2009-10-27
Vendor Cisco Last vendor Modification 2010-05-26
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Multiple vulnerabilities exist in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products. This security advisory outlines details of the following vulnerabilities:

* Default credentials
* Privilege escalation
* Unauthorized information interception
* Unauthorized information access

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of the listed vulnerabilities are available.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2 (...)

CWE : Common Weakness Enumeration

% Id Name
75 % CWE-255 Credentials Management
25 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Application 3

Open Source Vulnerability Database (OSVDB)

Id Description
65282 Cisco Network Building Mediator Remote Configuration File Disclosure

65281 Cisco Network Building Mediator XML RPC Cleartext Admin Credential Remote Dis...

65280 Cisco Network Building Mediator HTTP Cleartext Admin Credential Remote Disclo...

65279 Cisco Network Building Mediator XML RPC Protocol Unspecified Privilege Escala...

65278 Cisco Network Building Mediator HTTP Unspecified Privilege Escalation

65277 Cisco Network Building Mediator Multiple Default Credentials

Alert History

If you want to see full details history, please login or register.
Date Informations
2013-05-11 00:42:38
  • Multiple Updates