Web Interface Credential Vulnerability in Cisco Unified Videoconferencing Products
CVE-2010-4305

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Videoconferencing System 5110 Firmware; Unified Videoconferencing System 5115 Firmware; Unified Videoconferencing System 5110; Unified Videoconferencing System 5115
Vendor: CVE Published:; 22 November 2010

Summary

The Cisco Unified Videoconferencing System products exhibit a vulnerability that stems from an improper handling of cookies during web interface sessions. This flaw enables remote attackers to access sensitive information through cleartext and base64-encoded cookies. The affected systems include multiple models of the Unified Videoconferencing product line, which could lead to unauthorized disclosure of credentials and a compromise of user data.

References

http://www.trustmatta.com/advisories/MATTA-2010-001.txt

x_refsource_MISC

http://www.cisco.com/en/US/products/products_security_res...

vendor-advisoryx_refsource_CISCO

http://seclists.org/fulldisclosure/2010/Nov/167

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 22, 2010