CVE-2009-4510 - Cryptographic Issues vulnerability in Vsecurity Tandberg Video Communication Server
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family | Gain a shell remotely |
NASL id | TANDBERG_VCS_SSH_KEY.NASL |
description | The remote device appears to be a TANDBERG Video Communication Server (VCS), an appliance supporting interoperation of video conferencing and unified communications devices. The fingerprint for the SSH service running on this device matches that of the host key distributed with some versions of the VCS firmware. Knowing this, a remote attacker may be able to impersonate or conduct man-in-the-middle attacks and gain shell access to the affected device. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45545 |
published | 2010-04-14 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45545 |
title | TANDBERG Video Communication Server Static SSH Host Keys |