Published: 03/02/2011 Updated: 22/09/2011

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote malicious users to obtain access via an unspecified login method.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco tandberg_endpoint
cisco tandberg_endpoint tc3.1.2
cisco tandberg_endpoint tc3.1.1
cisco tandberg_endpoint tc2.1.2
cisco tandberg_endpoint tc3.1.0
cisco tandberg_endpoint tc3.0.0
cisco tandberg_endpoint c90
cisco tandberg_endpoint c60
cisco tandberg_endpoint c40
cisco tandberg_endpoint c20
cisco tandberg_personal_video_unit_software tc3.1.0
cisco tandberg_personal_video_unit_software tc3.1.2
cisco tandberg_personal_video_unit_software tc3.1.1
cisco tandberg_personal_video_unit_software
cisco tandberg_personal_video_unit ex90
cisco tandberg_personal_video_unit_software te2.2.0
cisco tandberg_personal_video_unit_software te1.0.1
cisco tandberg_personal_video_unit e20
cisco tandberg_personal_video_unit ex60

Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC400 ship with a root administrator account that is enabled by default with no password An attacker could use this account in order to modify the application configuration or operating system settings Resolving this default p ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints Advisory ID: cisco-sa-20110202-tandberg Revision 10 For Public Release 2011 February 2 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Ta ...

CWE-255 http://tools.cisco.com/security/center/viewAlert.x?alertId=22314 http://www.securityfocus.com/bid/46107 http://securitytracker.com/id?1025017 http://www.exploit-db.com/exploits/16100 http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml http://www.kb.cert.org/vuls/id/436854 http://secunia.com/advisories/43158 http://securityreason.com/securityalert/8060 https://nvd.nist.gov https://www.exploit-db.com/exploits/16100/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110202-tandberg https://www.kb.cert.org/vuls/id/436854

CVE-2011-0354

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect