CVE-2010-4304

The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048.

Published: Nov 22, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-4304
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
cisco / unified_videoconferencing_system_5110_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_5115_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_5110	-	-
cisco / unified_videoconferencing_system_5115	-	-
cisco / unified_videoconferencing_system_3515_multipoint_control_unit_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_3545_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_5230_firmware	7.0.1.13.3	7.0.1.13.3.x
cisco / unified_videoconferencing_system_3515_multipoint_control_unit	-	-
cisco / unified_videoconferencing_system_3522_basic_rate_interface_gateway	-	-
cisco / unified_videoconferencing_system_3527_primary_rate_interface_gateway	-	-
cisco / unified_videoconferencing_system_3545	-	-
cisco / unified_videoconferencing_system_5230	-	-

Vulnerability Database

290,020

CVE-2010-4304