Default Password Vulnerability in Cisco TelePresence System Software
CVE-2013-3454

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Tx9000; Telepresence System Tx9200; Telepresence System Software
Vendor: CVE Published:; 8 August 2013

What is CVE-2013-3454?

The Cisco TelePresence System Software prior to version 1.10.1 on multiple device models, including 500, 13X0, 1X00, 30X0, and 3X00, as well as version 6.0.3 and earlier on TX 9X00 devices, contains a significant security flaw due to the presence of a default password for the pwrecovery account. This poses a risk as it allows remote attackers to exploit these default credentials, enabling them to modify configurations or execute arbitrary commands via HTTPS requests, thereby compromising the security and integrity of the affected systems.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 8, 2013