Vulnerability Details : CVE-2010-4302
/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010.
Exploit prediction scoring system (EPSS) score for CVE-2010-4302
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2010-4302
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N | 3.9 | 6.9 | NIST |
CWE ids for CVE-2010-4302
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4302
- http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
  Support & Downloads - Cisco Support & Downloads - Software Downloads, Product Documentation, Tools, and Cases - Cisco (Vendor Advisory)
- http://seclists.org/fulldisclosure/2010/Nov/167
  Full Disclosure: Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
- http://www.trustmatta.com/advisories/MATTA-2010-001.txt
Products affected by CVE-2010-4302
- cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)