Vulnerability Details : CVE-2011-0354
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.
Products affected by CVE-2011-0354
- cpe:2.3:a:cisco:tandberg_endpoint:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_endpoint:tc2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_endpoint:tc3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_endpoint:tc3.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:tandberg_endpoint:c90:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:tandberg_endpoint:c60:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:tandberg_endpoint:c40:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:tandberg_endpoint:c20:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_personal_video_unit_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_personal_video_unit_software:tc3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:tandberg_personal_video_unit_software:te1.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:tandberg_personal_video_unit:ex90:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:tandberg_personal_video_unit:e20:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:tandberg_personal_video_unit:ex60:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0354
5.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0354
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-0354
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0354
-
http://securitytracker.com/id?1025017
TANDBERG Videoconferencing Systems Default Account Lets Remote Users Gain Root Access - SecurityTracker
-
http://www.kb.cert.org/vuls/id/436854
VU#436854 - Cisco Tandberg E, EX, and C Series default root credentialsUS Government Resource
-
http://www.securityfocus.com/bid/46107
Cisco TANDBERG C Series and E/EX Series Default Credentials Authentication Bypass Vulnerability
-
http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml
Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints - CiscoVendor Advisory
-
http://www.exploit-db.com/exploits/16100
Tandberg E & EX & C Series Endpoints - Default Root Account Credentials - Hardware remote Exploit
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=22314
Cisco Tandberg C Series Endpoints and E/EX Personal Video Default Enabled Root Account Issue
-
http://securityreason.com/securityalert/8060
Tandberg E, EX and C Series Endpoints Default Credentials for Root Account - CXSecurity.com
Jump to