CVE-2011-2555

Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securitytracker.com/id?1025872
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml	Vendor Advisory
http://www.securityfocus.com/bid/48932
https://exchange.xforce.ibmcloud.com/vulnerabilities/68887
http://securitytracker.com/id?1025872
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml	Vendor Advisory
http://www.securityfocus.com/bid/48932
https://exchange.xforce.ibmcloud.com/vulnerabilities/68887

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:telepresence_recording_server_software:1.7.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:28

Type	Values Removed	Values Added
References	~~() http://securitytracker.com/id?1025872 -~~	() http://securitytracker.com/id?1025872 -
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml - Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/48932 -~~	() http://www.securityfocus.com/bid/48932 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/68887 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/68887 -

Information

Published : 2011-08-29 20:55

Updated : 2024-11-21 01:28

NVD link : CVE-2011-2555

Mitre link : CVE-2011-2555

CVE.ORG link : CVE-2011-2555

JSON object : View

Products Affected

cisco

telepresence_recording_server_software

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2011-2555", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-08-29T20:55:00.817", "references": [{"url": "http://securitytracker.com/id?1025872", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/48932", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68887", "source": "ykramarz@cisco.com"}, {"url": "http://securitytracker.com/id?1025872", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/48932", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68887", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182."}, {"lang": "es", "value": "Cisco TelePresence Recording Server v1.7.2.x antes de v1.7.2.1 tiene una contrase\u00f1a por defecto para la cuenta de administrador root, lo que hace m\u00e1s sencillo para atacantes remotos modificar la configuraci\u00f3n a trav\u00e9s de una sesi\u00f3n SSH, tambi\u00e9n conocido como Bug ID CSCtr76182"}], "lastModified": "2024-11-21T01:28:30.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05546304-F8B7-49BD-A8DD-0BD1AB4486FC"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}