Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities

Published: 2010-11-17
Last Updated: 2010-11-17 21:57:57 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Multiple vulnerabilities have been reported in Cisco Unified Videoconferencing (Cisco UVC) 5100 series which also impact Cisco Unified Videoconferencing 5200 and 3500 Series.[1]


There is currently no fixes for these vulnerabilities and Cisco recommends "limiting access to Cisco UVC web server to trusted hosts by disabling FTP, SSH, and Telnet services and by setting the "Security mode" field in the "Security" section of the Cisco UVC web GUI to Maximum."

The complete list of affected products/versions, including detailed information about the vulnerabilities can be found here.

[1] http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml


-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

0 comment(s)
Diary Archives