Local Users Can Access Encrypted Passwords in Cisco Videoconferencing Products
CVE-2010-4303

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Videoconferencing System 5110 Firmware; Unified Videoconferencing System 5115 Firmware; Unified Videoconferencing System 5110; Unified Videoconferencing System 5115
Vendor: CVE Published:; 22 November 2010

Summary

The Cisco Unified Videoconferencing System 5110 and 5115 running on Linux has a serious vulnerability due to world-readable permissions for the /etc/shadow file. This misconfiguration permits local users to read sensitive encrypted passwords, potentially compromising user accounts and exposing the system to unauthorized access. Organizations using these videoconferencing systems should take immediate action to secure the /etc/shadow file and prevent local access to sensitive credential information.

References

http://www.trustmatta.com/advisories/MATTA-2010-001.txt

x_refsource_MISC

http://www.cisco.com/en/US/products/products_security_res...

vendor-advisoryx_refsource_CISCO

http://seclists.org/fulldisclosure/2010/Nov/167

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 22, 2010