CVE-2010-4304 (CNNVD-201011-240)
中文标题:
Cisco UVC System多个产品web接口授权问题漏洞
英文标题:
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unifie...
漏洞描述
中文描述:
Cisco Unified Videoconferencing 是思科统一通信系统的一个组成部分,适用于需要一个可靠、便于管理、经济有效的网络基础设施,来进行视频会议应用部署的机构和电信运营商。 Cisco Unified Videoconferencing(UVC)System 3545,5110,5115以及5230;Unified Videoconferencing 3527 Primary Rate Interface(PRI)Gateway;Unified Videoconferencing 3522 Basic Rate Interfaces(BRI)Gateway;以及Unified Videoconferencing 3515 Multipoint Control Unit(MCU)中的web接口使用了基于时间值的可预测会话ID。远程攻击者更容易借助暴力攻击劫持会话。
英文描述:
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cisco | unified_videoconferencing_system_5110_firmware | 7.0.1.13.3 | - | - |
cpe:2.3:a:cisco:unified_videoconferencing_system_5110_firmware:7.0.1.13.3:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_5115_firmware | 7.0.1.13.3 | - | - |
cpe:2.3:a:cisco:unified_videoconferencing_system_5115_firmware:7.0.1.13.3:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_5110 | * | - | - |
cpe:2.3:h:cisco:unified_videoconferencing_system_5110:*:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_5115 | * | - | - |
cpe:2.3:h:cisco:unified_videoconferencing_system_5115:*:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_3515_multipoint_control_unit_firmware | 7.0.1.13.3 | - | - |
cpe:2.3:a:cisco:unified_videoconferencing_system_3515_multipoint_control_unit_firmware:7.0.1.13.3:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware | 7.0.1.13.3 | - | - |
cpe:2.3:a:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware | 7.0.1.13.3 | - | - |
cpe:2.3:a:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware:7.0.1.13.3:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_3545_firmware | 7.0.1.13.3 | - | - |
cpe:2.3:a:cisco:unified_videoconferencing_system_3545_firmware:7.0.1.13.3:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_5230_firmware | 7.0.1.13.3 | - | - |
cpe:2.3:a:cisco:unified_videoconferencing_system_5230_firmware:7.0.1.13.3:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_3515_multipoint_control_unit | * | - | - |
cpe:2.3:h:cisco:unified_videoconferencing_system_3515_multipoint_control_unit:*:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_3522_basic_rate_interface_gateway | * | - | - |
cpe:2.3:h:cisco:unified_videoconferencing_system_3522_basic_rate_interface_gateway:*:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_3527_primary_rate_interface_gateway | * | - | - |
cpe:2.3:h:cisco:unified_videoconferencing_system_3527_primary_rate_interface_gateway:*:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_3545 | * | - | - |
cpe:2.3:h:cisco:unified_videoconferencing_system_3545:*:*:*:*:*:*:*:*
|
| cisco | unified_videoconferencing_system_5230 | * | - | - |
cpe:2.3:h:cisco:unified_videoconferencing_system_5230:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:N/AC:L/Au:N/C:P/I:P/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2010-4304 |
2025-11-11 15:18:19 | 2025-11-11 07:33:11 |
| NVD | nvd_CVE-2010-4304 |
2025-11-11 14:53:27 | 2025-11-11 07:42:00 |
| CNNVD | cnnvd_CNNVD-201011-240 |
2025-11-11 15:09:11 | 2025-11-11 07:49:47 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 加密问题
- cnnvd_id: 未提取 -> CNNVD-201011-240
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 6.4
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:P/A:N
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 14
- data_sources: ['cve'] -> ['cve', 'nvd']