CVE-2010-3038

Related Files

Cisco Unified Videoconferencing Command Injection / Various Issues

Posted Nov 18, 2010

Authored by Florent Daigniere | Site trustmatta.com

Cisco Unified Videoconferencing system versions 3515,3522,3527,5230,3545,5110 and 5115 suffer from hard-coded credential, service misconfiguration, weak session ID, cookie storing of credentials, command injection and weak obfuscation vulnerabilities.

tags | advisory, vulnerability

systems | cisco

advisories | CVE-2010-3037, CVE-2010-3038

SHA-256 | 34574a022d1b743eb1e6b83e30eab653ab9cf93cb2d80db1668e365bd9c2323f

Download | Favorite | View

Cisco Security Response 20101117-cuvc

Posted Nov 17, 2010

Authored by Cisco Systems | Site cisco.com

This is the Cisco Product Security Incident Response Team (PSIRT) response to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products. Several of the vulnerabilities also impact Cisco Unified Videoconferencing 5200 and 3500 Series Products.

tags | advisory, vulnerability

systems | cisco

advisories | CVE-2010-3037, CVE-2010-3038

SHA-256 | 69ff03ff2b451e16c8342723ca698a082590a674746e6fb250333321452c49ba

Download | Favorite | View