Cisco Mediator Framework 1.5.1 prior to 1.5.1.build.14-eng, 2.2 prior to 2.2.1.dev.1, and 3.0 prior to 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote malicious users to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco mediator_framework 2.2 |
||
cisco mediator_framework 3.0.8 |
||
cisco mediator_framework 1.5.1 |