Vulnerability Details : CVE-2010-4304
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048.
Exploit prediction scoring system (EPSS) score for CVE-2010-4304
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4304
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2010-4304
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4304
-
http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html
Support & Downloads - Cisco Support & Downloads - Software Downloads, Product Documentation, Tools, and Cases - CiscoVendor Advisory
-
http://seclists.org/fulldisclosure/2010/Nov/167
Full Disclosure: Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
- http://www.trustmatta.com/advisories/MATTA-2010-001.txt
Products affected by CVE-2010-4304
- cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_videoconferencing_system_3545_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_videoconferencing_system_5230_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- Cisco » Unified Videoconferencing System 3527 Primary Rate Interface Gateway Firmware » Version: 7.0.1.13.3cpe:2.3:a:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- Cisco » Unified Videoconferencing System 3522 Basic Rate Interface Gateway Firmware » Version: 7.0.1.13.3cpe:2.3:a:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- Cisco » Unified Videoconferencing System 3515 Multipoint Control Unit Firmware » Version: 7.0.1.13.3cpe:2.3:a:cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmware:7.0.1.13.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_3545:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_5230:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_videoconferencing_system_3515_multipoint_control_unit:*:*:*:*:*:*:*:*