Published: 27/05/2010 Updated: 13/06/2010

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Cisco Mediator Framework 1.5.1 prior to 1.5.1.build.14-eng, 2.2 prior to 2.2.1.dev.1, and 3.0 prior to 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote malicious users to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco mediator_framework 2.2
cisco mediator_framework 3.0.8
cisco mediator_framework 1.5.1

Multiple vulnerabilities exist in the Cisco Network Building Mediator (NBM) products These vulnerabilities also affect the legacy Richards-Zeta Mediator products This security advisory outlines details of the following vulnerabilities: Default credentials Privilege escalation Unauthorized information interception ...

CWE-255 http://securitytracker.com/id?1024027 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml http://secunia.com/advisories/39904 http://www.kb.cert.org/vuls/id/757804 http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100526-mediator https://www.kb.cert.org/vuls/id/757804

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0599

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect