1. CVE-Search
  2. CVE-2011-0354
ID CVE-2011-0354
Summary The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:tandberg_endpoint:tc2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_endpoint:tc2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_endpoint:tc3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_endpoint:tc3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_endpoint:*:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_endpoint:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:tandberg_endpoint:c20:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:tandberg_endpoint:c20:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:tandberg_endpoint:c40:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:tandberg_endpoint:c40:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:tandberg_endpoint:c60:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:tandberg_endpoint:c60:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:tandberg_endpoint:c90:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:tandberg_endpoint:c90:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:tandberg_personal_video_unit:ex90:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:tandberg_personal_video_unit:ex90:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:tandberg_personal_video_unit:e20:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:tandberg_personal_video_unit:e20:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:tandberg_personal_video_unit:ex60:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:tandberg_personal_video_unit:ex60:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 22-09-2011 - 03:28)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 46107
cert-vn VU#436854
cisco 20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints
confirm http://tools.cisco.com/security/center/viewAlert.x?alertId=22314
exploit-db 16100
sectrack 1025017
secunia 43158
sreason 8060
Last major update 22-09-2011 - 03:28
Published 03-02-2011 - 16:00
Last modified 22-09-2011 - 03:28
Back to Top