Vulnerability Details : CVE-2010-0599
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.
Exploit prediction scoring system (EPSS) score for CVE-2010-0599
Probability of exploitation activity in the next 30 days: 1.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0599
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-0599
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0599
-
http://www.kb.cert.org/vuls/id/757804
VU#757804 - Cisco Network Building Mediator products contain multiple vulnerabilitiesUS Government Resource
-
http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf
404 - File Not Found | CISA
-
http://securitytracker.com/id?1024027
Cisco Network Building Mediator Lets Remote Users Login and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml
Multiple Vulnerabilities in Cisco Network Building Mediator - CiscoPatch;Vendor Advisory
Products affected by CVE-2010-0599
- cpe:2.3:a:cisco:mediator_framework:2.2:*:*:*:*:*:*:*When used together with: Cisco » Network Building Mediator Nbm-2400When used together with: Cisco » Network Building Mediator Nbm-4800When used together with: Cisco » Richards-zeta Mediator 2500
- cpe:2.3:a:cisco:mediator_framework:3.0.8:*:*:*:*:*:*:*When used together with: Cisco » Network Building Mediator Nbm-2400When used together with: Cisco » Network Building Mediator Nbm-4800When used together with: Cisco » Richards-zeta Mediator 2500
- cpe:2.3:a:cisco:mediator_framework:1.5.1:*:*:*:*:*:*:*When used together with: Cisco » Network Building Mediator Nbm-2400When used together with: Cisco » Network Building Mediator Nbm-4800When used together with: Cisco » Richards-zeta Mediator 2500