Vulnerability Description
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Videoconferencing System 5110 Firmware | 7.0.1.13.3 |
| Cisco | Unified Videoconferencing System 5115 Firmware | 7.0.1.13.3 |
| Cisco | Unified Videoconferencing System 5110 | All versions |
| Cisco | Unified Videoconferencing System 5115 | All versions |
| Linux | Linux Kernel | All versions |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2010/Nov/167
- http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.hVendor Advisory
- http://www.trustmatta.com/advisories/MATTA-2010-001.txt
- http://seclists.org/fulldisclosure/2010/Nov/167
- http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.hVendor Advisory
- http://www.trustmatta.com/advisories/MATTA-2010-001.txt
FAQ
What is CVE-2010-4303?
CVE-2010-4303 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encr...
How severe is CVE-2010-4303?
CVE-2010-4303 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4303?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Videoconferencing System 5110 Firmware, Cisco Unified Videoconferencing System 5115 Firmware, Cisco Unified Videoconferencing System 5110, Cisco Unified Videoconferencing System 5115, Linux Linux Kernel.