CVE-2010-0593 - OpenCVE

The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Pvc2300 Rvs4000 Wvc200 Wvc210 Wvc2300

Configuration 1 [-]

cpe:2.3:h:cisco:pvc2300:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:h:cisco:wvc200::::::::
	cpe:2.3:h:cisco:wvc200:1.1.0.12:::::::*

Configuration 3 [-]

OR	cpe:2.3:h:cisco:wvc210::::::::
	cpe:2.3:h:cisco:wvc210:1.1.0.12:::::::*

Configuration 4 [-]

cpe:2.3:h:cisco:wvc2300:*:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:h:cisco:rvs4000::::::::
	cpe:2.3:h:cisco:rvs4000:1.3.0.5:::::::*

No data.

References

Link	Providers
http://osvdb.org/63978
http://secunia.com/advisories/39510
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml
http://www.securityfocus.com/bid/39612
http://www.securitytracker.com/id?1023906
http://www.vupen.com/english/advisories/2010/0965
https://exchange.xforce.ibmcloud.com/vulnerabilities/58034

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2010-04-22T14:00:00

Updated: 2024-08-07T00:52:19.613Z

Reserved: 2010-02-10T00:00:00

Link: CVE-2010-0593

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-04-22T14:30:00.853

Modified: 2017-08-17T01:32:02.587

Link: CVE-2010-0593

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20100421 Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"}, {"name": "1023906", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1023906"}, {"name": "cisco-small-business-unauth-access(58034)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"}, {"name": "ADV-2010-0965", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0965"}, {"name": "63978", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/63978"}, {"name": "39612", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39612"}, {"name": "39510", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39510"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2010-0593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100421 Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"}, {"name": "1023906", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023906"}, {"name": "cisco-small-business-unauth-access(58034)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"}, {"name": "ADV-2010-0965", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0965"}, {"name": "63978", "refsource": "OSVDB", "url": "http://osvdb.org/63978"}, {"name": "39612", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39612"}, {"name": "39510", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39510"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:52:19.613Z"}, "title": "CVE Program Container", "references": [{"name": "20100421 Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"}, {"name": "1023906", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1023906"}, {"name": "cisco-small-business-unauth-access(58034)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"}, {"name": "ADV-2010-0965", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0965"}, {"name": "63978", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/63978"}, {"name": "39612", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/39612"}, {"name": "39510", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39510"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2010-0593", "datePublished": "2010-04-22T14:00:00", "dateReserved": "2010-02-10T00:00:00", "dateUpdated": "2024-08-07T00:52:19.613Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:pvc2300:*:*:*:*:*:*:*:*", "matchCriteriaId": "7261E300-E1FF-4BED-A769-4EF5160A19B8", "versionEndIncluding": "1.1.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wvc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9949161-A6F8-4FCA-B0F9-B24F8902B796", "versionEndIncluding": "1.1.0.15", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:wvc200:1.1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "75A3FA1B-7F80-4400-8384-FD00BC3AAFEC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wvc210:*:*:*:*:*:*:*:*", "matchCriteriaId": "582D8387-3185-45AA-A833-DFEF7BF9B7BD", "versionEndIncluding": "1.1.0.15", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:wvc210:1.1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "66012205-BEBC-4915-A116-7DB82430DBC0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wvc2300:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF1A282-36FF-4D15-A981-83B18977DE93", "versionEndIncluding": "1.1.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rvs4000:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D7FF6DC-E1FF-4E6D-8A6C-098E07F5D898", "versionEndIncluding": "1.3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:rvs4000:1.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "10D53639-E058-474D-9E02-D0B602460A31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."}, {"lang": "es", "value": "Cisco RVS4000 4-port Gigabit Security Router en versiones anteriores a la v1.3.2.0, PVC2300 Business Internet Video Camera en versiones anteriores a la v1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, y WVC2300 Wireless-G Business Internet Video Camera en versiones anteriores a la v1.1.2.6 no restringen de manera apropiada el acceso de lectura a las contrase\u00f1as, lo que permite a atacantes dependiendo del contexto obtener informaci\u00f3n confidencial. Vulnerabilidad relacionada con (1) acceso de usuarios remotos autenticados a PVC2300 o WVC2300 a trav\u00e9s de una URL modificada, (2) habilitar privilegios de configuraci\u00f3n en un WVC200 o WVC210, y (3) habilitar privilegios de administraci\u00f3n en un RVS4000. Tambi\u00e9n conocido como Bug ID CSCte64726."}], "id": "CVE-2010-0593", "lastModified": "2017-08-17T01:32:02.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-22T14:30:00.853", "references": [{"source": "ykramarz@cisco.com", "url": "http://osvdb.org/63978"}, {"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/39510"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/39612"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1023906"}, {"source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2010/0965"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}