CVE-2010-4304

The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_3545_firmware:7.0.1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_videoconferencing_system_5230_firmware:7.0.1.13.3:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:unified_videoconferencing_system_3515_multipoint_control_unit:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_3545:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_videoconferencing_system_5230:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-11-22 20:00

Updated : 2024-02-04 17:54


NVD link : CVE-2010-4304

Mitre link : CVE-2010-4304

CVE.ORG link : CVE-2010-4304


JSON object : View

Products Affected

cisco

  • unified_videoconferencing_system_3527_primary_rate_interface_gateway
  • unified_videoconferencing_system_5110
  • unified_videoconferencing_system_3545_firmware
  • unified_videoconferencing_system_5230
  • unified_videoconferencing_system_5230_firmware
  • unified_videoconferencing_system_3515_multipoint_control_unit_firmware
  • unified_videoconferencing_system_3522_basic_rate_interface_gateway
  • unified_videoconferencing_system_5115_firmware
  • unified_videoconferencing_system_5110_firmware
  • unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware
  • unified_videoconferencing_system_3515_multipoint_control_unit
  • unified_videoconferencing_system_3545
  • unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware
  • unified_videoconferencing_system_5115
CWE
CWE-310

Cryptographic Issues