PT-2010-5413 · Cisco · Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway
Published: 2010-11-22 · Updated: 2010-11-30
CVE-2010-4305
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Unified Videoconferencing (UVC) System versions 3545, 5110, 5115, and 5230
Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway
Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway
Unified Videoconferencing 3515 Multipoint Control Unit (MCU)
Description
The issue allows remote attackers to obtain sensitive information by reading a cleartext or base64-encoded cleartext cookie. This is due to the improper use of cookies for web-interface credentials.
Recommendations
For Cisco Unified Videoconferencing (UVC) System versions 3545, 5110, 5115, and 5230, consider disabling the web interface until a patch is available.
For Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, restrict access to the web interface to minimize the risk of exploitation.
For Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, avoid using the web interface for sensitive operations until the issue is resolved.
For Unified Videoconferencing 3515 Multipoint Control Unit (MCU), consider implementing additional security measures to protect against unauthorized access.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Cisco Unified Videoconferencing (UVC) System
Unified Videoconferencing 3515 Multipoint Control Unit
Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway
Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway