CVE-2011-0354 (GCVE-0-2011-0354)

Vulnerability from cvelistv5

Published

2011-02-03 15:00

Modified

2024-08-06 21:51

Severity ?

CWE

Summary

References

URL

Tags

psirt@cisco.com	http://secunia.com/advisories/43158	Vendor Advisory
psirt@cisco.com	http://securityreason.com/securityalert/8060
psirt@cisco.com	http://securitytracker.com/id?1025017
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=22314
psirt@cisco.com	http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml	Vendor Advisory
psirt@cisco.com	http://www.exploit-db.com/exploits/16100
psirt@cisco.com	http://www.kb.cert.org/vuls/id/436854	US Government Resource
psirt@cisco.com	http://www.securityfocus.com/bid/46107
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43158	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8060
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025017
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=22314
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/16100
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/436854	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46107

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:08.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1025017",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
          },
          {
            "name": "8060",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8060"
          },
          {
            "name": "46107",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46107"
          },
          {
            "name": "VU#436854",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/436854"
          },
          {
            "name": "20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
          },
          {
            "name": "16100",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/16100"
          },
          {
            "name": "43158",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-22T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1025017",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
        },
        {
          "name": "8060",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8060"
        },
        {
          "name": "46107",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46107"
        },
        {
          "name": "VU#436854",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/436854"
        },
        {
          "name": "20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
        },
        {
          "name": "16100",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/16100"
        },
        {
          "name": "43158",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0354",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1025017",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025017"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
            },
            {
              "name": "8060",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8060"
            },
            {
              "name": "46107",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46107"
            },
            {
              "name": "VU#436854",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/436854"
            },
            {
              "name": "20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
            },
            {
              "name": "16100",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/16100"
            },
            {
              "name": "43158",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0354",
    "datePublished": "2011-02-03T15:00:00",
    "dateReserved": "2011-01-07T00:00:00",
    "dateUpdated": "2024-08-06T21:51:08.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0354\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2011-02-03T16:00:02.570\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.\"},{\"lang\":\"es\",\"value\":\"La configuraci\u00f3n por defecto de Cisco Tandberg C Series Endpoints, y Tandberg E y EX Personal Video units, con el software anterior a TC4.0.0 tiene una contrase\u00f1a en blanco para la cuenta de root, lo que permite que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un m\u00e9todo de entrada no especificado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_endpoint:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"tc3.1.3\",\"matchCriteriaId\":\"A87B81CF-6847-4F05-824B-0D1466B7C9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_endpoint:tc2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B45456C-8D42-4C7F-B575-1A7DDBA237F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_endpoint:tc3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"029C0FEE-74CA-4E7E-B1F2-9DBDB67372BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA83FF69-F265-4DD6-8195-A9C907B40DA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C0562C3-F681-4D89-9076-54F007A691E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D6F6FD-3C4D-4D26-B5E4-AB229C8A0CD5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:tandberg_endpoint:c20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61F895B7-8F8D-4469-ABFC-CCE146A24DBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:tandberg_endpoint:c40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DB4373E-2E5B-433E-8FDB-602373A5F21E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:tandberg_endpoint:c60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E96385EC-31F4-4CC9-854A-0A5F7F8DBA20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:tandberg_endpoint:c90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94515F99-3636-411C-ACAB-330F12E89722\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"tc3.1.3\",\"matchCriteriaId\":\"F97F04E1-CC50-4E82-927E-5B408249A8C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA17CDAB-6DB2-4C08-887E-8E4BEA5BC489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6055257E-12D7-4091-9E58-CAE791390225\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31AB455A-C4E2-4872-B95D-025B4AB9686F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:tandberg_personal_video_unit:ex90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84116DE1-6669-46E8-BA25-BA43FAF6A4A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"te2.2.1\",\"matchCriteriaId\":\"CF91C5C8-FF37-4452-AA35-1EC458DFCF12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5AFD63E-784E-432E-9E42-ADDACCBAF095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD5A756A-E58E-41C9-B001-D0E39F8F513E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:tandberg_personal_video_unit:e20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77BC6923-BC31-4DEB-92C8-4FFEA26BA2E9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31AB455A-C4E2-4872-B95D-025B4AB9686F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:tandberg_personal_video_unit:ex60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFB7F8EA-7F3C-4B42-BDCC-213EAA9DC44B\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/43158\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8060\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://securitytracker.com/id?1025017\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=22314\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/16100\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/436854\",\"source\":\"psirt@cisco.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/46107\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/43158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1025017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=22314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/16100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/436854\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/46107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2011-0354

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-0354

Aliases

CVE-2011-0354

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0354",
    "description": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.",
    "id": "GSD-2011-0354"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0354"
      ],
      "details": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.",
      "id": "GSD-2011-0354",
      "modified": "2023-12-13T01:19:04.445523Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2011-0354",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1025017",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1025017"
          },
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
          },
          {
            "name": "8060",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8060"
          },
          {
            "name": "46107",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46107"
          },
          {
            "name": "VU#436854",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/436854"
          },
          {
            "name": "20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
          },
          {
            "name": "16100",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/16100"
          },
          {
            "name": "43158",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43158"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_endpoint:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "tc3.1.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_endpoint:tc2.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_endpoint:tc3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:tandberg_endpoint:c90:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:tandberg_endpoint:c60:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:tandberg_endpoint:c40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:tandberg_endpoint:c20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "tc3.1.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:tandberg_personal_video_unit:ex90:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te2.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "te2.2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:tandberg_personal_video_unit:e20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:tandberg_personal_video_unit:ex60:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0354"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
            },
            {
              "name": "46107",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46107"
            },
            {
              "name": "1025017",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1025017"
            },
            {
              "name": "16100",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "http://www.exploit-db.com/exploits/16100"
            },
            {
              "name": "20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
            },
            {
              "name": "VU#436854",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/436854"
            },
            {
              "name": "43158",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43158"
            },
            {
              "name": "8060",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8060"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-09-22T03:28Z",
      "publishedDate": "2011-02-03T16:00Z"
    }
  }
}

CERTA-2011-AVI-638

Vulnerability from certfr_avis

Un défaut de configuration dans les produits cités plus haut pourrait permettre à une personne malveillante de prendre le contrôle total du système à distance.

Description

Les dispositifs Tanberg possèdent leur compte administrateur (root) activé par défaut, sans mot de passe, ce qui était initialement prévu pour des tâches de déboguage mais non nécessaire lors des opérations normales.

Certains dispositifs Cisco TelePresence ont été distribués avec une configuration non sécurisée. La vulnérabilité est due à un échec de restauration de la configuration par défaut après avoir fait des tests et configuré des options. Ces dispositifs pourraient avoir leur compte administrateur (root) activé et configuré avec un mot de passe connu.

Une personne malveillante pourrait prendre le contrôle total d'un de ces systèmes à distance.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco TelePresence System Integrator C Series avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;
Cisco	N/A	Cisco TelePresence Quick Set avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;
Cisco	N/A	Tandberg E, EX et C Series Endpoints avec les versions logicielles antérieures à TC4.0.
Cisco	N/A	Cisco TelePresence Ex C Series avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20110202-tandberg	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20111109-telepresence-c-ex-series	None	vendor-advisory
Bulletin de sécurité Cisco 20111109-telepresence-c-ex-series du 09 novembre 2011 :	-	other
Bulletin de sécurité Cisco 20110202 du 2 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco TelePresence System Integrator C Series avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Quick Set avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Tandberg E, EX et C Series Endpoints avec les versions logicielles ant\u00e9rieures \u00e0 TC4.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Ex C Series avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes dispositifs Tanberg poss\u00e8dent leur compte administrateur (root)\nactiv\u00e9 par d\u00e9faut, sans mot de passe, ce qui \u00e9tait initialement pr\u00e9vu\npour des t\u00e2ches de d\u00e9boguage mais non n\u00e9cessaire lors des op\u00e9rations\nnormales.\n\nCertains dispositifs Cisco TelePresence ont \u00e9t\u00e9 distribu\u00e9s avec une\nconfiguration non s\u00e9curis\u00e9e. La vuln\u00e9rabilit\u00e9 est due \u00e0 un \u00e9chec de\nrestauration de la configuration par d\u00e9faut apr\u00e8s avoir fait des tests\net configur\u00e9 des options. Ces dispositifs pourraient avoir leur compte\nadministrateur (root) activ\u00e9 et configur\u00e9 avec un mot de passe connu.\n\nUne personne malveillante pourrait prendre le contr\u00f4le total d\u0027un de ces\nsyst\u00e8mes \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0997"
    },
    {
      "name": "CVE-2011-0354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0354"
    }
  ],
  "initial_release_date": "2011-11-15T00:00:00",
  "last_revision_date": "2011-11-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco    20111109-telepresence-c-ex-series du 09 novembre 2011 :",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111109-telepresence-c-ex-series"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110202 du 2 f\u00e9vrier 2011 :",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110202-tandberg"
    }
  ],
  "reference": "CERTA-2011-AVI-638",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Un d\u00e9faut de configuration dans les produits cit\u00e9s plus haut pourrait\npermettre \u00e0 une personne malveillante de prendre le contr\u00f4le total du\nsyst\u00e8me \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits Cisco TelePresence et Tandberg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20110202-tandberg",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20111109-telepresence-c-ex-series",
      "url": null
    }
  ]
}

CERTA-2011-AVI-054

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans TC pour les produits TANDBERG. Elle permet à un utilisateur malintentionné d'accéder au système avec des privilèges administrateur.

Description

Une vulnérabilité a été corrigée dans TC pour les produits TANDBERG. L'absence de mot de passe pour un compte d'administration permet à un utilisateur malintentionné d'accéder au système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	TANDBERG E/EX Personal Video utilisant une version de TC inférieure à la version 4.0.0.
	N/A	N/A	TANDBERG C Series Endpoints utilisant une version de TC inférieure à la version 4.0.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 20110202-tandberg du 2 Février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 20110202-tandberg du 02 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TANDBERG E/EX Personal Video utilisant une version de TC inf\u00e9rieure \u00e0 la version 4.0.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TANDBERG C Series Endpoints utilisant une version de TC inf\u00e9rieure \u00e0 la version 4.0.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans TC pour les produits TANDBERG.\nL\u0027absence de mot de passe pour un compte d\u0027administration permet \u00e0 un\nutilisateur malintentionn\u00e9 d\u0027acc\u00e9der au syst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0354"
    }
  ],
  "initial_release_date": "2011-02-04T00:00:00",
  "last_revision_date": "2011-02-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110202-tandberg du 02 f\u00e9vrier    2011 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml"
    }
  ],
  "reference": "CERTA-2011-AVI-054",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans TC pour les produits TANDBERG.\nElle permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027acc\u00e9der au syst\u00e8me avec\ndes privil\u00e8ges administrateur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits TANDBERG",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110202-tandberg du 2 F\u00e9vrier 2011",
      "url": null
    }
  ]
}

fkie_cve-2011-0354

Vulnerability from fkie_nvd

Published

2011-02-03 16:00

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/43158	Vendor Advisory
psirt@cisco.com	http://securityreason.com/securityalert/8060
psirt@cisco.com	http://securitytracker.com/id?1025017
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=22314
psirt@cisco.com	http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml	Vendor Advisory
psirt@cisco.com	http://www.exploit-db.com/exploits/16100
psirt@cisco.com	http://www.kb.cert.org/vuls/id/436854	US Government Resource
psirt@cisco.com	http://www.securityfocus.com/bid/46107
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43158	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8060
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025017
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=22314
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/16100
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/436854	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46107

Impacted products

Vendor	Product	Version
cisco	tandberg_endpoint	*
cisco	tandberg_endpoint	tc2.1.2
cisco	tandberg_endpoint	tc3.0.0
cisco	tandberg_endpoint	tc3.1.0
cisco	tandberg_endpoint	tc3.1.1
cisco	tandberg_endpoint	tc3.1.2
cisco	tandberg_endpoint	c20
cisco	tandberg_endpoint	c40
cisco	tandberg_endpoint	c60
cisco	tandberg_endpoint	c90
cisco	tandberg_personal_video_unit_software	*
cisco	tandberg_personal_video_unit_software	tc3.1.0
cisco	tandberg_personal_video_unit_software	tc3.1.1
cisco	tandberg_personal_video_unit_software	tc3.1.2
cisco	tandberg_personal_video_unit	ex90
cisco	tandberg_personal_video_unit_software	*
cisco	tandberg_personal_video_unit_software	te1.0.1
cisco	tandberg_personal_video_unit_software	te2.2.0
cisco	tandberg_personal_video_unit	e20
cisco	tandberg_personal_video_unit_software	tc3.1.2
cisco	tandberg_personal_video_unit	ex60

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_endpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B81CF-6847-4F05-824B-0D1466B7C9A6",
              "versionEndIncluding": "tc3.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_endpoint:tc2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B45456C-8D42-4C7F-B575-1A7DDBA237F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_endpoint:tc3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "029C0FEE-74CA-4E7E-B1F2-9DBDB67372BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA83FF69-F265-4DD6-8195-A9C907B40DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C0562C3-F681-4D89-9076-54F007A691E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94D6F6FD-3C4D-4D26-B5E4-AB229C8A0CD5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:tandberg_endpoint:c20:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F895B7-8F8D-4469-ABFC-CCE146A24DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:tandberg_endpoint:c40:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB4373E-2E5B-433E-8FDB-602373A5F21E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:tandberg_endpoint:c60:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96385EC-31F4-4CC9-854A-0A5F7F8DBA20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:tandberg_endpoint:c90:*:*:*:*:*:*:*",
              "matchCriteriaId": "94515F99-3636-411C-ACAB-330F12E89722",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97F04E1-CC50-4E82-927E-5B408249A8C2",
              "versionEndIncluding": "tc3.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA17CDAB-6DB2-4C08-887E-8E4BEA5BC489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6055257E-12D7-4091-9E58-CAE791390225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31AB455A-C4E2-4872-B95D-025B4AB9686F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:tandberg_personal_video_unit:ex90:*:*:*:*:*:*:*",
              "matchCriteriaId": "84116DE1-6669-46E8-BA25-BA43FAF6A4A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF91C5C8-FF37-4452-AA35-1EC458DFCF12",
              "versionEndIncluding": "te2.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5AFD63E-784E-432E-9E42-ADDACCBAF095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5A756A-E58E-41C9-B001-D0E39F8F513E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:tandberg_personal_video_unit:e20:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BC6923-BC31-4DEB-92C8-4FFEA26BA2E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31AB455A-C4E2-4872-B95D-025B4AB9686F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:tandberg_personal_video_unit:ex60:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB7F8EA-7F3C-4B42-BDCC-213EAA9DC44B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto de Cisco Tandberg C Series Endpoints, y Tandberg E y EX Personal Video units, con el software anterior a TC4.0.0 tiene una contrase\u00f1a en blanco para la cuenta de root, lo que permite que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un m\u00e9todo de entrada no especificado."
    }
  ],
  "id": "CVE-2011-0354",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-03T16:00:02.570",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43158"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securityreason.com/securityalert/8060"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1025017"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.exploit-db.com/exploits/16100"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/436854"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/46107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/16100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/436854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46107"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201102-0212

Vulnerability from variot

The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. The software version of the Tandberg unit can be determined by logging into the web-based user interface (UI) or using the “xStatus SystemUnit” command. Users can determine the Tandberg software version by entering the IP address of the codec in a web browser, authenticating (if the device is configured for authentication), and then selecting the “system info” menu option. The version number is displayed after the “Software Version” label in the System Info box. Alternatively the software version can be determined from the device's application programmer interface using the “xStatus SystemUnit” command. The software version running on the codec is displayed after the “SystemUnit Software Version” label. The output from “xStatus SystemUnit” will display a result similar to the following:” xStatus SystemUnit * s SystemUnit ProductType: “Cisco TelePresence Codec” s SystemUnit ProductId: “Cisco TelePresence Codec C90” s SystemUnit ProductPlatform: “C90” s SystemUnit Uptime: 597095 s SystemUnit Software Application: “Endpoint” s SystemUnit Software Version: “TC4.0” s SystemUnit Software Name: “s52000” s SystemUnit Software ReleaseDate: “2010-11-01” s SystemUnit Software MaxVideoCalls: 3 s SystemUnit Software MaxAudioCalls: 4 s SystemUnit Software ReleaseKey: “true” s SystemUnit Software OptionKeys NaturalPresenter: “true” s SystemUnit Software OptionKeys MultiSite: “true” s SystemUnit Software OptionKeys PremiumResolution: “true” s SystemUnit Hardware Module SerialNumber: “B1AD25A00003” s SystemUnit Hardware Module Identifier: “0” s SystemUnit Hardware MainBoard SerialNumber: “PH0497201” s SystemUnit Hardware MainBoard Identifier: “101401-3 [04]“ s SystemUnit Hardware VideoBoard SerialNumber: “PH0497874” s SystemUnit Hardware VideoBoard Identifier: “101560-1 [02]“ s SystemUnit Hardware AudioBoard SerialNumber: “N/A” s SystemUnit Hardware AudioBoard Identifier: ”“ s SystemUnit Hardware BootSoftware: “U-Boot 2009.03-65” s SystemUnit State System: Initialized s SystemUnit State MaxNumberOfCalls: 3 s SystemUnit State MaxNumberOfActiveCalls: 3 s SystemUnit State NumberOfActiveCalls: 1 s SystemUnit State NumberOfSuspendedCalls: 0 s SystemUnit State NumberOfInProgressCalls: 0 s SystemUnit State Subsystem Application: Initialized *s SystemUnit ContactInfo: “helpdesk@company.com” ** endA third party who has access to the product may gain administrator privileges. Cisco's multiple TANDBERG products have security vulnerabilities that allow local malicious users to gain control of the product. Determine the version of Tandberg. An attacker can exploit this issue to gain unauthorized root access to the affected devices. Successful exploits will result in the complete compromise of the affected device. ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

Request a free trial: http://secunia.com/products/corporate/vim/

TITLE: TANDBERG Products Root Default Password Security Issue

SECUNIA ADVISORY ID: SA43158

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43158/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43158

RELEASE DATE: 2011-02-04

DISCUSS ADVISORY: http://secunia.com/advisories/43158/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/43158/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=43158

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A security issue has been reported in multiple TANDBERG products, which can be exploited by malicious people to compromise a vulnerable system.

PROVIDED AND/OR DISCOVERED BY: Reported by xorcist in an article of the 2600 magazine (volume 27,

3).

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. An attacker could use this account in order to modify the application configuration or operating system settings.

Resolving this default password issue does not require a software upgrade and can be changed or disabled by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to disable the root account or change the password.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml.

Details

Tandberg devices are part of the Cisco TelePresence Systems that provide Cisco TelePresence endpoints for immersive environments, conference rooms, individual desktops and home offices.

These devices contain a root user that is enabled for advanced debugging that is unnecessary during normal operations. The root account is not the same as the admin and user accounts. The default configuration prior to TC 4.0.0 does not set a password for the root user.

When a device is upgraded to TC 4.0.0, the root user is disabled.

This vulnerability has been assigned the CVE ID CVE-2011-0354.

Vulnerability Scoring Details

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

Root account enabled by default with no password

CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete

CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed

Impact

Successful exploitation of the vulnerability may allow an unauthorized user to modify the application configuration and the operating system settings or gain complete administrative control of the device.

Software Versions and Fixes

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

Workarounds

The root user is disabled in the default configuration starting in the TC4.0.0 software version. To disable the root account, an administrator should log in to the applications programmer interface and use the command "systemtools rootsettings off" to temporarily disable the account, or the command "systemtools rootsettings never" to permanently disable the root user.

The root user is enabled for advanced debugging. If the root user is needed, the password should be configured when the account is enabled. This can be done through the command "systemtools rootsettings on [password]". To disable the root account, an administrator should log in to the applications programmer interface and use the command "systemtools rootsettings off" to temporarily disable the account, or the command "systemtools rootsettings never" to permanently disable the root user.

The default configuration of devices running TC4.0.0 does not contain a password for the administrator account. The password for the administrator account should be set with the command "xCommand SystemUnit AdminPassword Set Password: [password]. The password for the root account is the same as the administrator password. The administrator password is set with the command "xCommand SystemUnit AdminPassword Set Password: [password]".

Obtaining Fixed Software

Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.

Customers with Service Contracts +-------------------------------

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.

Customers using Third Party Support Organizations +------------------------------------------------

Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.

The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.

Customers without Service Contracts +----------------------------------

Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.

+1 800 553 2447 (toll free from within North America)
+1 408 526 7209 (toll call from anywhere in the world)
e-mail: tac@cisco.com

Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.

Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.

Exploitation and Public Announcements

This vulnerability has been discussed in the article "Hacking and Securing the Tandberg C20" published in Volume 27, Number 3 of the 2600 Magazine.

Status of this Notice: FINAL

This information is Cisco Highly Confidential - Do not redistribute.

THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN ERRORS OR OMIT IMPORTANT INFORMATION.

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

Distribution

This advisory is posted on Cisco's worldwide website at:

http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.

cust-security-announce@cisco.com
first-bulletins@lists.first.org
bugtraq@securityfocus.com
vulnwatch@vulnwatch.org
cisco@spot.colorado.edu
cisco-nsp@puck.nether.net
full-disclosure@lists.grok.org.uk
comp.dcom.sys.cisco@newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

Revision History

+---------------------------------------+ | Revision | | Initial | | 1.0 | 2011-Feb-02 | public | | | | release. | +---------------------------------------+

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.

+-------------------------------------------------------------------- All contents are Copyright 2011-2007 Cisco Systems, Inc. All rights reserved. +--------------------------------------------------------------------

Updated: Feb 02, 2011 Document ID: 112247 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin)

iF4EAREIAAYFAk1JjBQACgkQQXnnBKKRMNDwoAD/drZn3b3jiAKxHxsn8YUdNzOu KgtSit4dAjrrKx41AXkA/29dkXOf0nZu4y00cBHOGhKMkyj5DAZrkT6aqyvgnZmA =4vVm -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0212",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "tc2.1.2"
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "tc3.1.2"
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "tc3.1.1"
      },
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "tc3.1.1"
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "tc3.1.0"
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "te1.0.1"
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "te2.2.0"
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "te2.2.1"
      },
      {
        "model": "tandberg personal video unit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "e20"
      },
      {
        "model": "tandberg endpoint",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "tc3.1.3"
      },
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "tc3.1.0"
      },
      {
        "model": "tandberg personal video unit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "ex90"
      },
      {
        "model": "tandberg personal video unit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "ex60"
      },
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "c20"
      },
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "tc3.1.2"
      },
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "c90"
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "tc3.1.3"
      },
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "c40"
      },
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "c60"
      },
      {
        "model": "tandberg endpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "tc3.0.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg c series endpoints",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg e/ex personal video units",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg e20",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg ex60",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg ex90",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg code c20",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg code c40",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg code c60",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg code c90",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "te2.2.1"
      },
      {
        "model": "tandberg personal video unit software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "tc3.1.3"
      },
      {
        "model": "tandberg ex90",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg ex60",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codec c90",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codec c60",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codec c40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codec c20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#436854"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "db": "BID",
        "id": "46107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0354"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:tandberg_endpoint",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:tandberg_personal_video_unit",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "2600 Magazine",
    "sources": [
      {
        "db": "BID",
        "id": "46107"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-0354",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-0354",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-48299",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-0354",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#436854",
            "trust": 0.8,
            "value": "99.00"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-0354",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201102-049",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-48299",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#436854"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0354"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. The software version of the Tandberg unit can be determined by logging into the web-based user interface (UI) or using the \u201cxStatus SystemUnit\u201d command. Users can determine the Tandberg software version by entering the IP address of the codec in a web browser, authenticating (if the device is configured for authentication), and then selecting the \u201csystem info\u201d menu option. The version number is displayed after the \u201cSoftware Version\u201d label in the System Info box. Alternatively the software version can be determined from the device\u0027s application programmer interface using the \u201cxStatus SystemUnit\u201d command. The software version running on the codec is displayed after the \u201cSystemUnit Software Version\u201d label. The output from \u201cxStatus SystemUnit\u201d will display a result similar to the following:\u201d xStatus SystemUnit * *s SystemUnit ProductType: \u201cCisco TelePresence Codec\u201d *s SystemUnit ProductId: \u201cCisco TelePresence Codec C90\u201d *s SystemUnit ProductPlatform: \u201cC90\u201d *s SystemUnit Uptime: 597095 *s SystemUnit Software Application: \u201cEndpoint\u201d *s SystemUnit Software Version: \u201cTC4.0\u201d *s SystemUnit Software Name: \u201cs52000\u201d *s SystemUnit Software ReleaseDate: \u201c2010-11-01\u201d *s SystemUnit Software MaxVideoCalls: 3 *s SystemUnit Software MaxAudioCalls: 4 *s SystemUnit Software ReleaseKey: \u201ctrue\u201d *s SystemUnit Software OptionKeys NaturalPresenter: \u201ctrue\u201d *s SystemUnit Software OptionKeys MultiSite: \u201ctrue\u201d *s SystemUnit Software OptionKeys PremiumResolution: \u201ctrue\u201d *s SystemUnit Hardware Module SerialNumber: \u201cB1AD25A00003\u201d *s SystemUnit Hardware Module Identifier: \u201c0\u201d *s SystemUnit Hardware MainBoard SerialNumber: \u201cPH0497201\u201d *s SystemUnit Hardware MainBoard Identifier: \u201c101401-3 [04]\u201c *s SystemUnit Hardware VideoBoard SerialNumber: \u201cPH0497874\u201d *s SystemUnit Hardware VideoBoard Identifier: \u201c101560-1 [02]\u201c *s SystemUnit Hardware AudioBoard SerialNumber: \u201cN/A\u201d *s SystemUnit Hardware AudioBoard Identifier: \u201d\u201c *s SystemUnit Hardware BootSoftware: \u201cU-Boot 2009.03-65\u201d *s SystemUnit State System: Initialized *s SystemUnit State MaxNumberOfCalls: 3 *s SystemUnit State MaxNumberOfActiveCalls: 3 *s SystemUnit State NumberOfActiveCalls: 1 *s SystemUnit State NumberOfSuspendedCalls: 0 *s SystemUnit State NumberOfInProgressCalls: 0 *s SystemUnit State Subsystem Application: Initialized *s SystemUnit ContactInfo: \u201chelpdesk@company.com\u201d ** endA third party who has access to the product may gain administrator privileges. Cisco\u0027s multiple TANDBERG products have security vulnerabilities that allow local malicious users to gain control of the product. Determine the version of Tandberg. \nAn attacker can exploit this issue to gain unauthorized root access to the affected devices. Successful exploits will result in the complete compromise of the affected device. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nTANDBERG Products Root Default Password Security Issue\n\nSECUNIA ADVISORY ID:\nSA43158\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43158/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43158\n\nRELEASE DATE:\n2011-02-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43158/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43158/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43158\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in multiple TANDBERG products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by xorcist in an article of the 2600 magazine (volume 27,\n#3). \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. An\nattacker could use this account in order to modify the application\nconfiguration or operating system settings. \n\nResolving this default password issue does not require a software\nupgrade and can be changed or disabled by a configuration command for\nall affected customers. The workaround detailed in this document\ndemonstrates how to disable the root account or change the password. \n\nThis advisory is posted at \nhttp://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml. \n\nDetails\n=======\n\nTandberg devices are part of the Cisco TelePresence Systems that\nprovide Cisco TelePresence endpoints for immersive environments,\nconference rooms, individual desktops and home offices. \n\nThese devices contain a root user that is enabled for advanced\ndebugging that is unnecessary during normal operations. The root\naccount is not the same as the admin and user accounts. The\ndefault configuration prior to TC 4.0.0 does not set a password for\nthe root user. \n\nWhen a device is upgraded to TC 4.0.0, the root user is disabled. \n\nThis vulnerability has been assigned the CVE ID CVE-2011-0354. \n\nVulnerability Scoring Details\n=============================\n\nCisco has provided scores for the vulnerabilities in this advisory\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\nscoring in this Security Advisory is done in accordance with CVSS\nversion 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of\nthe vulnerability in individual networks. \n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* Root account enabled by default with no password  \n\nCVSS Base Score - 10\n    Access Vector -            Network\n    Access Complexity -        Low\n    Authentication -           None\n    Confidentiality Impact -   Complete \n    Integrity Impact -         Complete \n    Availability Impact -      Complete\n\nCVSS Temporal Score - 8.3\n    Exploitability -           Functional\n    Remediation Level -        Official-Fix\n    Report Confidence -        Confirmed\n\n\nImpact\n======\n\nSuccessful exploitation of the vulnerability may allow an\nunauthorized user to modify the application configuration and the\noperating system settings or gain complete administrative control of\nthe device. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult \nhttp://www.cisco.com/go/psirt \nand any subsequent advisories to determine exposure and a\ncomplete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nWorkarounds\n===========\n\nThe root user is disabled in the default configuration starting in\nthe TC4.0.0 software version. To disable the root account, an\nadministrator should log in to the applications programmer interface\nand use the command \"systemtools rootsettings off\" to temporarily\ndisable the account, or the command \"systemtools rootsettings never\"\nto permanently disable the root user. \n\nThe root user is enabled for advanced debugging. If the root user is\nneeded, the password should be configured when the account is\nenabled. This can be done through the command \"systemtools\nrootsettings on [password]\". To disable the root account, an\nadministrator should log in to the applications programmer interface\nand use the command \"systemtools rootsettings off\" to temporarily\ndisable the account, or the command \"systemtools rootsettings never\"\nto permanently disable the root user. \n\nThe root user is enabled for advanced debugging. If the root user is\nneeded, the password should be configured when the account is\nenabled. This can be done through the command \"systemtools\nrootsettings on [password]\". \n\nThe default configuration of devices running TC4.0.0 does not contain\na password for the administrator account. The password for the\nadministrator account should be set with the command \"xCommand\nSystemUnit AdminPassword Set Password: [password]. The password for the root account is the same as\nthe administrator password. The administrator password is set with\nthe command \"xCommand SystemUnit AdminPassword Set Password:\n[password]\". \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should\nconsult their maintenance provider or check the software for feature\nset compatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature sets\nthey have purchased. By installing, downloading, accessing or\notherwise using such software upgrades, customers agree to be bound\nby the terms of Cisco\u0027s software license terms found at \nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,\nor as otherwise set forth at Cisco.com Downloads at \nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for\nsoftware upgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through\ntheir regular update channels. For most customers, this means that\nupgrades should be obtained through the Software Center on Cisco\u0027s\nworldwide website at http://www.cisco.com. \n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through\nprior or existing agreements with third-party support organizations,\nsuch as Cisco Partners, authorized resellers, or service providers\nshould contact that support organization for guidance and assistance\nwith the appropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or\nfix is the most appropriate for use in the intended network before it\nis deployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco\nservice contract, and customers who purchase through third-party\nvendors but are unsuccessful in obtaining fixed software through\ntheir point of sale should acquire upgrades by contacting the Cisco\nTechnical Assistance Center (TAC). TAC contacts are as follows. \n\n  * +1 800 553 2447 (toll free from within North America)\n  * +1 408 526 7209 (toll call from anywhere in the world)\n  * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to\na free upgrade. Free upgrades for non-contract customers must be\nrequested through the TAC. \n\nRefer to \nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html \nfor additional TAC contact information, including localized telephone \nnumbers, and instructions and e-mail addresses for use in various \nlanguages. \n\nExploitation and Public Announcements\n=====================================\n\nThis vulnerability has been discussed in the article \"Hacking and\nSecuring the Tandberg C20\" published in Volume 27, Number 3 of the\n2600 Magazine. \n\nStatus of this Notice: FINAL\n============================\n\nThis information is Cisco Highly Confidential - Do not redistribute. \n\nTHIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED\nINFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS\nLIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN\nERRORS OR OMIT IMPORTANT INFORMATION. \n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml\n\nIn addition to worldwide web posting, a text version of this notice\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\nfollowing e-mail and Usenet news recipients. \n\n  * cust-security-announce@cisco.com\n  * first-bulletins@lists.first.org\n  * bugtraq@securityfocus.com\n  * vulnwatch@vulnwatch.org\n  * cisco@spot.colorado.edu\n  * cisco-nsp@puck.nether.net\n  * full-disclosure@lists.grok.org.uk\n  * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on\nmailing lists or newsgroups. Users concerned about this problem are\nencouraged to check the above URL for any updates. \n\nRevision History\n================\n\n+---------------------------------------+\n| Revision |             | Initial      |\n| 1.0      | 2011-Feb-02 | public       |\n|          |             | release.     |\n+---------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco\u0027s worldwide website at \nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding Cisco security notices. \nAll Cisco security advisories are available at \nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nAll contents are Copyright 2011-2007 Cisco Systems, Inc. All rights\nreserved. \n+--------------------------------------------------------------------\n\nUpdated: Feb 02, 2011                             Document ID: 112247\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.14 (Darwin)\n\niF4EAREIAAYFAk1JjBQACgkQQXnnBKKRMNDwoAD/drZn3b3jiAKxHxsn8YUdNzOu\nKgtSit4dAjrrKx41AXkA/29dkXOf0nZu4y00cBHOGhKMkyj5DAZrkT6aqyvgnZmA\n=4vVm\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0354"
      },
      {
        "db": "CERT/CC",
        "id": "VU#436854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "db": "BID",
        "id": "46107"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48299"
      },
      {
        "db": "PACKETSTORM",
        "id": "98132"
      },
      {
        "db": "PACKETSTORM",
        "id": "98113"
      }
    ],
    "trust": 3.42
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-48299",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48299"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#436854",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0354",
        "trust": 3.5
      },
      {
        "db": "SECUNIA",
        "id": "43158",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "46107",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1025017",
        "trust": 2.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16100",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "8060",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-049",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20110202 DEFAULT CREDENTIALS FOR ROOT ACCOUNT ON TANDBERG E, EX AND C SERIES ENDPOINTS",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "16399",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "98113",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-70658",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-48299",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "98132",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#436854"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48299"
      },
      {
        "db": "BID",
        "id": "46107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "db": "PACKETSTORM",
        "id": "98132"
      },
      {
        "db": "PACKETSTORM",
        "id": "98113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0354"
      }
    ]
  },
  "id": "VAR-201102-0212",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48299"
      }
    ],
    "trust": 1.5571428714285716
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:06:33.615000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20110202-tandberg",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml"
      },
      {
        "title": "22314",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
      },
      {
        "title": "TANDBERG Software Downloads",
        "trust": 0.8,
        "url": "http://www.tandberg.com/support/video-conferencing-software-download.jsp?t=2"
      },
      {
        "title": "cisco-sa-20110202-tandberg",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/110/1103/1103540_cisco-sa-20110202-tandberg-j.html"
      },
      {
        "title": "Cisco TANDBERG C-Series and E/EX Series Default Account Verification Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/2800"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0354"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/436854"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/46107"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1025017"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/43158"
      },
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/en/us/products/ps11422/products_security_advisory09186a0080b69541.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22314"
      },
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/16100"
      },
      {
        "trust": 1.1,
        "url": "http://securityreason.com/securityalert/8060"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml"
      },
      {
        "trust": 0.9,
        "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/43158/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0354"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu436854"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0354"
      },
      {
        "trust": 0.6,
        "url": "http://www.cisco.com/en/us/products/ps11422/products_security_advisory09186a0080b69541.shtmlhttp"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/16399"
      },
      {
        "trust": 0.4,
        "url": "http://www.tandberg.com/support/video-conferencing-software-download.jsp?t=2"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/516126"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43158/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43158"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0354"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html,"
      },
      {
        "trust": 0.1,
        "url": "http://intellishield.cisco.com/security/alertmanager/cvss"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#436854"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48299"
      },
      {
        "db": "BID",
        "id": "46107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "db": "PACKETSTORM",
        "id": "98132"
      },
      {
        "db": "PACKETSTORM",
        "id": "98113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0354"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#436854"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48299"
      },
      {
        "db": "BID",
        "id": "46107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "db": "PACKETSTORM",
        "id": "98132"
      },
      {
        "db": "PACKETSTORM",
        "id": "98113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0354"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-02-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#436854"
      },
      {
        "date": "2011-02-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "date": "2011-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48299"
      },
      {
        "date": "2010-10-24T00:00:00",
        "db": "BID",
        "id": "46107"
      },
      {
        "date": "2011-03-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "date": "2011-02-03T05:24:37",
        "db": "PACKETSTORM",
        "id": "98132"
      },
      {
        "date": "2011-02-03T07:24:17",
        "db": "PACKETSTORM",
        "id": "98113"
      },
      {
        "date": "2011-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      },
      {
        "date": "2011-02-03T16:00:02.570000",
        "db": "NVD",
        "id": "CVE-2011-0354"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-02-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#436854"
      },
      {
        "date": "2011-02-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-0431"
      },
      {
        "date": "2011-09-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48299"
      },
      {
        "date": "2011-02-03T14:52:00",
        "db": "BID",
        "id": "46107"
      },
      {
        "date": "2011-03-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001149"
      },
      {
        "date": "2011-02-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      },
      {
        "date": "2024-11-21T01:23:49.123000",
        "db": "NVD",
        "id": "CVE-2011-0354"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Tandberg E, EX, and C Series default root credentials",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#436854"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-049"
      }
    ],
    "trust": 0.6
  }
}

ghsa-xh4x-ff3x-6rcx

Vulnerability from github

Published

2022-05-17 05:39

Modified

2022-05-17 05:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0354"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-02-03T16:00:00Z",
    "severity": "HIGH"
  },
  "details": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.",
  "id": "GHSA-xh4x-ff3x-6rcx",
  "modified": "2022-05-17T05:39:03Z",
  "published": "2022-05-17T05:39:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0354"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43158"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8060"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025017"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/16100"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/436854"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46107"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-0354 (GCVE-0-2011-0354)

Vulnerability from cvelistv5

gsd-2011-0354

Vulnerability from gsd

CERTA-2011-AVI-638

Vulnerability from certfr_avis

Description

Solution

CERTA-2011-AVI-054

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2011-0354

Vulnerability from fkie_nvd

var-201102-0212

Vulnerability from variot

3).

Details

Vulnerability Scoring Details

Impact

Software Versions and Fixes

Workarounds

Obtaining Fixed Software

Exploitation and Public Announcements

Status of this Notice: FINAL

Distribution

Revision History

Cisco Security Procedures

ghsa-xh4x-ff3x-6rcx

Vulnerability from github

Tags

Sightings

Nomenclature