CVE-2010-4304

The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
ciscounified_videoconferencing_system_5110_firmware
7.0.1.13.3
ciscounified_videoconferencing_system_5115_firmware
7.0.1.13.3
ciscounified_videoconferencing_system_5110
*
ciscounified_videoconferencing_system_5115
*
ciscounified_videoconferencing_system_3515_multipoint_control_unit_firmware
7.0.1.13.3
ciscounified_videoconferencing_system_3522_basic_rate_interface_gateway_firmware
7.0.1.13.3
ciscounified_videoconferencing_system_3527_primary_rate_interface_gateway_firmware
7.0.1.13.3
ciscounified_videoconferencing_system_3545_firmware
7.0.1.13.3
ciscounified_videoconferencing_system_5230_firmware
7.0.1.13.3
ciscounified_videoconferencing_system_3515_multipoint_control_unit
*
ciscounified_videoconferencing_system_3522_basic_rate_interface_gateway
*
ciscounified_videoconferencing_system_3527_primary_rate_interface_gateway
*
ciscounified_videoconferencing_system_3545
*
ciscounified_videoconferencing_system_5230
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration