Shell Command Injection Vulnerability in Cisco Unified Videoconferencing Products
CVE-2010-3037

Currently unrated

Key Information:

Vendor
Cisco
Status
Unified Videoconferencing System 5110 Firmware
Unified Videoconferencing System 5115 Firmware
Unified Videoconferencing System 5110
Unified Videoconferencing System 5115
Vendor
CVE Published:
22 November 2010

Summary

The Cisco Unified Videoconferencing systems suffer from a shell command injection vulnerability within the goform/websXMLAdminRequestCgi.cgi component. This weakness permits remote authenticated administrators to execute arbitrary commands via the username field, potentially leading to unauthorized access and compromised system integrity. This vulnerability impacts several models, including the UVC System 5110, 5115, 3545, and 5230, as well as specific gateway and multipoint control unit systems. Organizations utilizing these products should apply security patches and adopt best practices to mitigate risks.

References

http://www.securityfocus.com/bid/44922
vdb-entryx_refsource_BID
http://www.trustmatta.com/advisories/MATTA-2010-001.txt
x_refsource_MISC
http://www.cisco.com/en/US/products/products_security_res...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.