CVE-2010-0598 : Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631.

Published 2010-05-27 19:30:01

Updated 2010-06-13 19:16:49

Source Cisco Systems, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-0598

Probability of exploitation activity in the next 30 days: 1.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0598

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-0598

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0598

http://www.kb.cert.org/vuls/id/757804

VU#757804 - Cisco Network Building Mediator products contain multiple vulnerabilities
US Government Resource

CVEs referencing this url
http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf

404 - File Not Found | CISA

CVEs referencing this url
http://securitytracker.com/id?1024027

Cisco Network Building Mediator Lets Remote Users Login and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker

CVEs referencing this url
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml

Multiple Vulnerabilities in Cisco Network Building Mediator - Cisco
Patch

CVEs referencing this url

Products affected by CVE-2010-0598

Cisco » Mediator Framework » Version: 2.2
cpe:2.3:a:cisco:mediator_framework:2.2:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Network Building Mediator Nbm-2400
When used together with: Cisco » Network Building Mediator Nbm-4800
When used together with: Cisco » Richards-zeta Mediator 2500
Cisco » Mediator Framework » Version: 3.0.8
cpe:2.3:a:cisco:mediator_framework:3.0.8:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Network Building Mediator Nbm-2400
When used together with: Cisco » Network Building Mediator Nbm-4800
When used together with: Cisco » Richards-zeta Mediator 2500
Cisco » Mediator Framework » Version: 1.5.1
cpe:2.3:a:cisco:mediator_framework:1.5.1:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Network Building Mediator Nbm-2400
When used together with: Cisco » Network Building Mediator Nbm-4800
When used together with: Cisco » Richards-zeta Mediator 2500

Vulnerability Details : CVE-2010-0598

Exploit prediction scoring system (EPSS) score for CVE-2010-0598

CVSS scores for CVE-2010-0598

CWE ids for CVE-2010-0598

References for CVE-2010-0598

Products affected by CVE-2010-0598