CVE-2010-0600 — HIGH (10.0)

Vulnerability Description

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Mediator Framework	1.5.1
Cisco	Network Building Mediator Nbm-2400	All versions
Cisco	Network Building Mediator Nbm-4800	All versions
Cisco	Richards-Zeta Mediator 2500	All versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2010-0600?

CVE-2010-0600 is a vulnerability with a CVSS score of 10.0 (HIGH). Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Medi...

How severe is CVE-2010-0600?

CVE-2010-0600 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0600?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Mediator Framework, Cisco Network Building Mediator Nbm-2400, Cisco Network Building Mediator Nbm-4800, Cisco Richards-Zeta Mediator 2500.