SecurityTracker.com
Category:   Device (Multimedia)  >   Cisco TelePresence
Vendors:   Cisco
Cisco TelePresence System Default Credentials Let Remote Users Gain Full Access
SecurityTracker Alert ID:  1028892
SecurityTracker URL:  http://securitytracker.com/id/1028892
CVE Reference:   CVE-2013-3454
Date:  Aug 7 2013
Impact:   User access via network
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco TelePresence. A remote user can gain full control of the target system.

The web server contains an administrative user account with default credentials. A remote user can access the system using these authentication credentials.

The vendor has assigned bug ID CSCui43128 to this vulnerability.

Cisco TelePresence System Series 500, 13X0, 1X00, 3X00, and 30X0 devices running Cisco TelePresence System Software Releases 1.10.1 and prior are affected.

Cisco TelePresence TX 9X00 Series devices running Cisco TelePresence System Software Releases 6.0.3 and prior are affected.
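
An inventory triage against the affected ranges listed above, as an added example that is not part of the original entry or the vendor's advisory. It assumes "X" in a model name stands for one digit; the "CTS"/"TX" family tags, the record layout and the sample rows are hypothetical and constructed for illustration.

```python
import re

# Affected ranges as listed in the entry above. Assumptions: "X" in a model
# name is a single-digit wildcard; the "CTS"/"TX" family tags and the
# inventory record layout are hypothetical; the inventory rows are constructed.
AFFECTED = [
    ("CTS", ["500", "13X0", "1X00", "3X00", "30X0"], (1, 10, 1)),
    ("TX", ["9X00"], (6, 0, 3)),
]

def parse_release(text):
    """Return the leading dotted release as a tuple of ints, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def model_matches(pattern, model):
    """Match the first digit run of a model name; X stands for one digit."""
    digits = re.search(r"\d+", model or "")
    return bool(digits and re.fullmatch(pattern.replace("X", r"\d"), digits.group(0)))

def at_or_below(release, limit):
    """Numeric compare, so 1.9.6 sorts below 1.10.1 (a string compare does not)."""
    n = max(len(release), len(limit))
    pad = lambda t: t + (0,) * (n - len(t))
    return pad(release) <= pad(limit)

def triage(device):
    """Classify a record as 'affected', 'not-listed' or 'review'."""
    for family, patterns, last_affected in AFFECTED:
        if device["family"] != family:
            continue
        if not any(model_matches(p, device["model"]) for p in patterns):
            continue
        release = parse_release(device.get("release"))
        if release is None:
            return "review"  # in-scope model, release missing or unreadable
        return "affected" if at_or_below(release, last_affected) else "not-listed"
    return "not-listed"

INVENTORY = [  # constructed sample data
    {"name": "room-a", "family": "CTS", "model": "1300", "release": "1.9.6"},
    {"name": "room-b", "family": "CTS", "model": "3010", "release": "1.10.1"},
    {"name": "room-c", "family": "TX", "model": "9000", "release": "6.0.4"},
    {"name": "room-d", "family": "TX", "model": "9200", "release": ""},
    {"name": "room-e", "family": "CTS", "model": "500-32", "release": "1.10.2"},
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(f'{d["name"]:8} {d["family"]} {d["model"]:7} {d["release"] or "-":8} {triage(d)}')
```

A result of 'not-listed' means only that the record falls outside the ranges this entry names.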

A Cisco customer reported this vulnerability.

Impact:   A remote user can gain full control of the target system.
Solution:   No solution was available at the time of this entry. The vendor is working on a fix.

The vendor has described a workaround in their advisory.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp
Cause:   Configuration error

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability

Advisory ID: cisco-sa-20130807-tp

Revision 1.0

For Public Release 2013 August 7 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account that is created with default credentials.

The vulnerability is due to a default user account being created at installation time. An attacker could exploit this vulnerability by remotely accessing the web server and using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which gives them full administrative rights to the system.

Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)

iF4EAREKAAYFAlICRBYACgkQUddfH3/BbTrGqQD+I5Yf/eVxV/vsUxX31XHDrLG+
NxwiFn3e1mDPMir9pGIA/jTzkeCxTTGMm5brlUQTFE0YJ3vDzXwAtp+HVzqu8i6K
=tMib
-----END PGP SIGNATURE-----

Copyright 2021, SecurityGlobal.net LLC