Vulnerability Details : CVE-2010-3038
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.
Exploit prediction scoring system (EPSS) score for CVE-2010-3038
Probability of exploitation activity in the next 30 days: 1.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3038
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-3038
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3038
-
http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
Support & Downloads - Cisco Support & Downloads - Software Downloads, Product Documentation, Tools, and Cases - CiscoVendor Advisory
-
http://www.securityfocus.com/bid/44924
Cisco Unified Videoconferencing Hardcoded User Credentials Authentication Bypass Vulnerability
-
http://www.securitytracker.com/id?1024753
Cisco Unified Videoconferencing Lets Remote Users Access the System and Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
-
http://seclists.org/fulldisclosure/2010/Nov/167
Full Disclosure: Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
- http://www.trustmatta.com/advisories/MATTA-2010-001.txt
Products affected by CVE-2010-3038
- cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel