Shell Command Injection Vulnerability in Cisco Unified Videoconferencing Products
CVE-2010-3037

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Videoconferencing System 5110 Firmware; Unified Videoconferencing System 5115 Firmware; Unified Videoconferencing System 5110; Unified Videoconferencing System 5115
Vendor: CVE Published:; 22 November 2010

What is CVE-2010-3037?

The Cisco Unified Videoconferencing systems suffer from a shell command injection vulnerability within the goform/websXMLAdminRequestCgi.cgi component. This weakness permits remote authenticated administrators to execute arbitrary commands via the username field, potentially leading to unauthorized access and compromised system integrity. This vulnerability impacts several models, including the UVC System 5110, 5115, 3545, and 5230, as well as specific gateway and multipoint control unit systems. Organizations utilizing these products should apply security patches and adopt best practices to mitigate risks.

References

http://www.securityfocus.com/bid/44922

vdb-entryx_refsource_BID

http://www.trustmatta.com/advisories/MATTA-2010-001.txt

x_refsource_MISC

http://www.cisco.com/en/US/products/products_security_res...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2010
Vulnerability Reserved
Aug 17, 2010