CVE-2010-4305

Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052.

Published: Nov 22, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-4305
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
cisco / unified_videoconferencing_system_5110_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_5115_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_5110	-	-
cisco / unified_videoconferencing_system_5115	-	-
cisco / unified_videoconferencing_system_3515_multipoint_control_unit_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_3545_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_5230_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_3515_multipoint_control_unit	-	-
cisco / unified_videoconferencing_system_3522_basic_rate_interface_gateway	-	-
cisco / unified_videoconferencing_system_3527_primary_rate_interface_gateway	-	-
cisco / unified_videoconferencing_system_3545	-	-
cisco / unified_videoconferencing_system_5230	-	-

Vulnerability Database

289,784

CVE-2010-4305