Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-3037

goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.

Published

2010-11-22T20:00:03.167

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 8.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.8

Impact Score

10.0

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	unified_videoconferencing_system_5110_firmware	7.0.1.13.3	Yes
Application	cisco	unified_videoconferencing_system_5115_firmware	7.0.1.13.3	Yes
Hardware	cisco	unified_videoconferencing_system_5110	*	Yes
Hardware	cisco	unified_videoconferencing_system_5115	*	Yes
Application	cisco	unified_videoconferencing_system_3515_multipoint_control_unit_firmware	7.0.1.13.3	Yes
Application	cisco	unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware	7.0.1.13.3	Yes
Application	cisco	unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware	7.0.1.13.3	Yes
Application	cisco	unified_videoconferencing_system_3545_firmware	7.0.1.13.3	Yes
Application	cisco	unified_videoconferencing_system_5230_firmware	7.0.1.13.3	Yes
Hardware	cisco	unified_videoconferencing_system_3515_multipoint_control_unit	*	Yes
Hardware	cisco	unified_videoconferencing_system_3522_basic_rate_interface_gateway	*	Yes
Hardware	cisco	unified_videoconferencing_system_3527_primary_rate_interface_gateway	*	Yes
Hardware	cisco	unified_videoconferencing_system_3545	*	Yes
Hardware	cisco	unified_videoconferencing_system_5230	*	Yes

References

http://seclists.org/fulldisclosure/2010/Nov/167 ([email protected])
http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/44922 ([email protected])
http://www.securitytracker.com/id?1024753 ([email protected])
http://www.trustmatta.com/advisories/MATTA-2010-001.txt ([email protected])
http://seclists.org/fulldisclosure/2010/Nov/167 (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44922 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024753 (af854a3a-2127-422b-91ae-364da2661108)
http://www.trustmatta.com/advisories/MATTA-2010-001.txt (af854a3a-2127-422b-91ae-364da2661108)