Remote Access Vulnerability in Cisco Mediator Framework Products
CVE-2010-0600

Currently unrated

Key Information:

Vendor: Cisco
Status: Mediator Framework
Vendor: CVE Published:; 27 May 2010

Summary

The Cisco Mediator Framework and associated products suffer from an improper access control vulnerability that permits unauthorized remote access to sensitive configuration files. This flaw can allow attackers to gain access to sensitive information, including passwords and account details, through XML RPC or XML RPC over HTTPS sessions. The affected versions of the Cisco Mediator Framework include 1.5.1 up to 1.5.1.build.14-eng, 2.2 up to 2.2.1.dev.1, and 3.0 up to 3.0.9.release.1, as well as the Network Building Mediators NBM-2400 and NBM-4800, and Richards-Zeta Mediator 2500.

References

http://securitytracker.com/id?1024027

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/40384

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
May 27, 2010
Vulnerability Reserved
Feb 10, 2010