Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-4659

Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555.

Published

2012-01-19T15:55:00.820

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	telepresence_e20_software	≤ te4.1.1-cucm	Yes
Application	cisco	telepresence_e20_software	te2.2	Yes
Application	cisco	telepresence_e20_software	te2.2.1	Yes
Application	cisco	telepresence_e20_software	te4.0.0	Yes
Application	cisco	telepresence_e20_software	te4.1.0	Yes
Application	cisco	telepresence_e20_software	te4.1.1	Yes
Application	cisco	telepresence_e20_software	tenc4.0.0	Yes
Application	cisco	telepresence_e20_software	tenc4.1.0	Yes
Application	cisco	telepresence_e20_software	tenc4.1.1	Yes
Application	cisco	telepresence_e20_software	tenc4.1.1-cucm	Yes
Hardware	cisco	ip_video_phone_e20	-	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te Vendor Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)