ID CVE-2009-4510
Summary The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets.
References
Vulnerable Configurations
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vsecurity:tandberg_video_communication_server:*:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 13-08-2018 - 21:47)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: SINGLE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
refmap via4
confirm http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf
misc http://www.vsecurity.com/resources/advisory/20100409-2
secunia 39275
Last major update 13-08-2018 - 21:47
Published 13-04-2010 - 17:30
Last modified 13-08-2018 - 21:47