Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.5
CVSSv2

CVE-2010-3037

Published: 22/11/2010 Updated: 10/12/2010
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Unified Videoconferencing System 5115 Firmware

Vulnerability Summary

goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco unified_videoconferencing_system_5115_firmware 7.0.1.13.3

cisco unified_videoconferencing_system_5110_firmware 7.0.1.13.3

cisco unified_videoconferencing_system_5115

cisco unified_videoconferencing_system_5110

cisco unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware 7.0.1.13.3

cisco unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware 7.0.1.13.3

cisco unified_videoconferencing_system_3515_multipoint_control_unit_firmware 7.0.1.13.3

cisco unified_videoconferencing_system_3545_firmware 7.0.1.13.3

cisco unified_videoconferencing_system_5230_firmware 7.0.1.13.3

cisco unified_videoconferencing_system_3522_basic_rate_interface_gateway

cisco unified_videoconferencing_system_3515_multipoint_control_unit

cisco unified_videoconferencing_system_3545

cisco unified_videoconferencing_system_5230

cisco unified_videoconferencing_system_3527_primary_rate_interface_gateway

Vendor Advisories

Cisco: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
This is the Cisco Product Security Incident Response Team (PSIRT) security advisory related to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products Several of the vulnerabilitie ...

References

CWE-94http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.htmlhttp://seclists.org/fulldisclosure/2010/Nov/167http://www.trustmatta.com/advisories/MATTA-2010-001.txthttp://www.securitytracker.com/id?1024753http://www.securityfocus.com/bid/44922https://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20101206-cuvc
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook