Session Hijacking Vulnerability in Cisco Unified Videoconferencing Products
CVE-2010-4304

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Videoconferencing System 5110 Firmware; Unified Videoconferencing System 5115 Firmware; Unified Videoconferencing System 5110; Unified Videoconferencing System 5115
Vendor: CVE Published:; 22 November 2010

Summary

The web interface of several Cisco Unified Videoconferencing products is vulnerable due to the use of predictable session IDs derived from time values. This predictability allows attackers to execute brute-force attacks to seize control of active sessions, potentially compromising confidential communications. It is essential for organizations utilizing these videoconferencing systems to apply necessary security measures to safeguard against unauthorized access.

References

http://www.trustmatta.com/advisories/MATTA-2010-001.txt

x_refsource_MISC

http://www.cisco.com/en/US/products/products_security_res...

vendor-advisoryx_refsource_CISCO

http://seclists.org/fulldisclosure/2010/Nov/167

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 22, 2010