Cisco Mediator Framework 1.5.1 prior to 1.5.1.build.14-eng, 2.2 prior to 2.2.1.dev.1, and 3.0 prior to 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote malicious users to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco mediator_framework 1.5.1 |
||
cisco mediator_framework 2.2 |
||
cisco mediator_framework 3.0.8 |