PT-2013-4406 · Cisco · Cisco Telepresence System

Published

2013-08-08

Updated

2013-08-09

CVE-2013-3454

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco TelePresence System Software versions 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices Cisco TelePresence System Software version 6.0.3 and earlier on TX 9X00 devices

Description The issue allows remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests due to a default password for the pwrecovery account.

Recommendations For Cisco TelePresence System Software versions 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, change the default password for the pwrecovery account. For Cisco TelePresence System Software version 6.0.3 and earlier on TX 9X00 devices, change the default password for the pwrecovery account.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2013-3454

Affected Products

Cisco Telepresence System

PT-2013-4406 · Cisco · Cisco Telepresence System

CVE-2013-3454

Weakness Enumeration

Related Identifiers

Affected Products

References · 2