Vulnerability Details : CVE-2013-3454
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.
Products affected by CVE-2013-3454
- cpe:2.3:a:cisco:telepresence_system_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.8.2\(11\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.8.0\(55\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.7.0.2\(4719\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.8\(4222\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.0\(3954\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.13\(3717\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.4.7\(2229\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.2.3\(1101\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.8.3\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.9.0\(46\):*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.6.7\(4212\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.6\(4109\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.5\(4097\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.4\(4072\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.3\(4042\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.7.5\(42\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.7.4\(270\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.7.2.1\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.7.2\(4937\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.12\(3701\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.11\(3659\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.10\(3648\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.1\(2082\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.8.1\(34\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.7.6\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.7.1\(4864\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.7.0.1\(4764\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.6.2\(4023\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.5.3\(2115\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:1.3.2\(1393\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_system_software:6.0.2\(28\):*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.9.0.1\(3\):*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:6.0.0.1\(4\):*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.9.3:*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.9.4:*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.9.5:*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.9.6:*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.9.2:*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.9.1\(68\):*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:6.0.1\(50\):*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:a:cisco:telepresence_system_software:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_system_3000:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_system_3210:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_system_3200:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_system_3010:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_system_tx9200:*:*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:h:cisco:telepresence_system_tx9000:*:*:*:*:*:*:*:*When used together with: Cisco » Telepresence System Software
- cpe:2.3:h:cisco:telepresence_system_1300-65:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_system_1300:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_system_500-32:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_system_500-37:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3454
1.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3454
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2013-3454
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3454
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp
Cisco TelePresence System Default Credentials VulnerabilityVendor Advisory
Jump to