2010-11-19

Cisco製品

ソフト名:Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU), Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Cisco Unified Videoconferencing 3545 System/5110 System/5115 System/5230 System
回避策:cisco-sr-20101117-cuvcにて対応
脆弱性:不可変のユーザー名とパスワードの包含, リモートコマンド実行, セキュリティの強度不足, 機密情報の奪取, 不正アクセス, ユーザーセッションの乗っ取り, クッキーのストア, FTPサーバーの使用可能性, リモートアクセス, DoS攻撃
ソース:
http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml
http://www.trustmatta.com/advisories/MATTA-2010-001.txt
http://www.securityfocus.com/bid/44922
http://www.securityfocus.com/bid/44923
http://www.securityfocus.com/bid/44924
http://www.securityfocus.com/bid/44925
http://www.securityfocus.com/bid/44926
http://www.securityfocus.com/bid/44927
http://www.securityfocus.com/bid/44928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3038
http://secunia.com/advisories/42248
CVE:CVE-2010-3037, CVE-2010-3038
危険性:High Risk

0 件のコメント:

コメントを投稿