Vulnerabilities > CVE-2013-3454 - Credentials Management vulnerability in Cisco products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-255

critical

NVD

Published: 2013-08-08

Updated: 2013-08-09

Summary

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.

Vulnerable Configurations

Part	Description	Count
Hardware	Cisco Cisco Telepresence System Tx9000 * Cisco Telepresence System Tx9200 * Cisco Telepresence System 1300 - Cisco Telepresence System 1300 65 - Cisco Telepresence System 3000 * Cisco Telepresence System 3010 * Cisco Telepresence System 3200 * Cisco Telepresence System 3210 * Cisco Telepresence System 500 32 - Cisco Telepresence System 500 37 -	10
Application	Cisco Cisco Telepresence System Software 1.9.0\(46\) Cisco Telepresence System Software 1.9.0.1\(3\) Cisco Telepresence System Software 1.9.1\(68\) Cisco Telepresence System Software 1.9.2 Cisco Telepresence System Software 1.9.2\(19\) Cisco Telepresence System Software 1.9.3 Cisco Telepresence System Software 1.9.3\(44\) Cisco Telepresence System Software 1.9.4 Cisco Telepresence System Software 1.9.4\(19\) Cisco Telepresence System Software 1.9.5 Cisco Telepresence System Software 1.9.5\(7\) Cisco Telepresence System Software 1.9.6 Cisco Telepresence System Software 1.9.6\(2\) Cisco Telepresence System Software 6.0.0.1\(4\) Cisco Telepresence System Software 6.0.1\(50\) Cisco Telepresence System Software 6.0.2\(28\) Cisco Telepresence System Software * Cisco Telepresence System Software 1.2.3 Cisco Telepresence System Software 1.2.3\(1101\) Cisco Telepresence System Software 1.3.2 Cisco Telepresence System Software 1.3.2\(1393\) Cisco Telepresence System Software 1.4.7 Cisco Telepresence System Software 1.4.7\(2229\) Cisco Telepresence System Software 1.5.1 Cisco Telepresence System Software 1.5.1\(2082\) Cisco Telepresence System Software 1.5.3 Cisco Telepresence System Software 1.5.3\(2115\) Cisco Telepresence System Software 1.5.10 Cisco Telepresence System Software 1.5.10\(3648\) Cisco Telepresence System Software 1.5.11 Cisco Telepresence System Software 1.5.11\(3659\) Cisco Telepresence System Software 1.5.12 Cisco Telepresence System Software 1.5.12\(3701\) Cisco Telepresence System Software 1.5.13 Cisco Telepresence System Software 1.5.13\(3717\) Cisco Telepresence System Software 1.6.0 Cisco Telepresence System Software 1.6.0\(3954\) Cisco Telepresence System Software 1.6.1 Cisco Telepresence System Software 1.6.2 Cisco Telepresence System Software 1.6.2\(4023\) Cisco Telepresence System Software 1.6.3 Cisco Telepresence System Software 1.6.3\(4042\) Cisco Telepresence System Software 1.6.4 Cisco Telepresence System Software 1.6.4\(4072\) Cisco Telepresence System Software 1.6.5 Cisco Telepresence System Software 1.6.5\(4097\) Cisco Telepresence System Software 1.6.6 Cisco Telepresence System Software 1.6.6\(4109\) Cisco Telepresence System Software 1.6.7 Cisco Telepresence System Software 1.6.7\(4212\) Cisco Telepresence System Software 1.6.8 Cisco Telepresence System Software 1.6.8\(4222\) Cisco Telepresence System Software 1.7.0.1\(4764\) Cisco Telepresence System Software 1.7.0.2\(4719\) Cisco Telepresence System Software 1.7.1\(4864\) Cisco Telepresence System Software 1.7.2\(4937\) Cisco Telepresence System Software 1.7.2.1\(2\) Cisco Telepresence System Software 1.7.4\(270\) Cisco Telepresence System Software 1.7.5\(42\) Cisco Telepresence System Software 1.7.6\(4\) Cisco Telepresence System Software 1.8.0\(55\) Cisco Telepresence System Software 1.8.1\(34\) Cisco Telepresence System Software 1.8.2\(11\) Cisco Telepresence System Software 1.8.3\(4\) Cisco Telepresence System Software 1.10.0 Cisco Telepresence System Software - Cisco Telepresence System Software 1.8.0U\) Cisco Telepresence System Software 1.8.4\(13\) Cisco Telepresence System Software 1.8.5\(4\) Cisco Telepresence System Software 1.8.14\) Cisco Telepresence System Software 1.9.6.1\(3\) Cisco Telepresence System Software 1.10.0\(259\) Cisco Telepresence System Software 1.10.1	73

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp