Vulnerability Details: CVE-2010-3037
goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.
Exploit prediction scoring system (EPSS) score for CVE-2010-3037
Probability of exploitation activity in the next 30 days: 0.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~67%
CVSS scores for CVE-2010-3037
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST |
CWE ids for CVE-2010-3037
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3037
- http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
  Support & Downloads - Cisco Support & Downloads - Software Downloads, Product Documentation, Tools, and Cases - Cisco (Vendor Advisory)
- http://www.securityfocus.com/bid/44922
  Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities
- http://www.securitytracker.com/id?1024753
  Cisco Unified Videoconferencing Lets Remote Users Access the System and Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
- http://seclists.org/fulldisclosure/2010/Nov/167
  Full Disclosure: Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
- http://www.trustmatta.com/advisories/MATTA-2010-001.txt
Products affected by CVE-2010-3037
- cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_videoconferencing_system_3545_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_videoconferencing_system_5230_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- Cisco » Unified Videoconferencing System 3527 Primary Rate Interface Gateway Firmware » Version: 7.0.1.13.3 cpe:2.3:a:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- Cisco » Unified Videoconferencing System 3522 Basic Rate Interface Gateway Firmware » Version: 7.0.1.13.3 cpe:2.3:a:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- Cisco » Unified Videoconferencing System 3515 Multipoint Control Unit Firmware » Version: 7.0.1.13.3 cpe:2.3:a:cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_3545:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_5230:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_3515_multipoint_control_unit:*:*:*:*:*:*:*:*