CVE-2010-3038 - OpenCVE

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Videoconferencing System 5110 Unified Videoconferencing System 5110 Firmware Unified Videoconferencing System 5115 Unified Videoconferencing System 5115 Firmware
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:::::::*
	cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:::::::*

OR	cpe:2.3:h:cisco:unified_videoconferencing_system_5110::::::::
	cpe:2.3:h:cisco:unified_videoconferencing_system_5115::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2010/Nov/167
http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
http://www.securityfocus.com/bid/44924
http://www.securitytracker.com/id?1024753
http://www.trustmatta.com/advisories/MATTA-2010-001.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2010-11-22T19:00:00

Updated: 2024-08-07T02:55:46.701Z

Reserved: 2010-08-17T00:00:00

Link: CVE-2010-3038

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-11-22T20:00:03.230

Modified: 2010-12-10T06:44:04.647

Link: CVE-2010-3038

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-12-07T10:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt"}, {"name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html"}, {"name": "1024753", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024753"}, {"name": "44924", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44924"}, {"name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2010/Nov/167"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2010-3038", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", "refsource": "MISC", "url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt"}, {"name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html"}, {"name": "1024753", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024753"}, {"name": "44924", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44924"}, {"name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2010/Nov/167"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:55:46.701Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt"}, {"name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html"}, {"name": "1024753", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024753"}, {"name": "44924", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/44924"}, {"name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2010/Nov/167"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2010-3038", "datePublished": "2010-11-22T19:00:00", "dateReserved": "2010-08-17T00:00:00", "dateUpdated": "2024-08-07T02:55:46.701Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCDF0DD6-EF3E-4758-A715-1814EA7D603D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "619E7A89-B6B3-4E3B-BB63-5B142920984B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*", "matchCriteriaId": "45DF769C-376D-4D65-B36E-E0F19BD7C8D0", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*", "matchCriteriaId": "615E1C8A-DC4D-40B4-BF9F-E218469E9749", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008."}, {"lang": "es", "value": "Cisco Unified Videoconferencing (UVC) System 5110 y 5115, cuando el sistema operativo Linux se usa, tiene una contrase\u00f1a por defecto para (1) root, (2) cs, y (3) cuentas de desarrollo, lo que hace m\u00e1s sencillo para atacantes remotos obtener acceso a trav\u00e9s de (a) FTP o, (b) demonio SSH, tambi\u00e9n conocido como Bug ID CSCti54008."}], "id": "CVE-2010-3038", "lastModified": "2010-12-10T06:44:04.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-11-22T20:00:03.230", "references": [{"source": "ykramarz@cisco.com", "url": "http://seclists.org/fulldisclosure/2010/Nov/167"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/44924"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1024753"}, {"source": "ykramarz@cisco.com", "url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}