Cisco Mediator Framework 1.5.1 prior to 1.5.1.build.14-eng, 2.2 prior to 2.2.1.dev.1, and 3.0 prior to 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote malicious users to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco mediator_framework 2.2 |
||
cisco mediator_framework 3.0.8 |
||
cisco mediator_framework 1.5.1 |