CVE-2010-0593 - OpenCVE

The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Rvs4000 Wvc2300 Pvc2300 Wvc200 Wvc210

Configuration 1 [-]

cpe:2.3:h:cisco:pvc2300:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:h:cisco:wvc200::::::::
	cpe:2.3:h:cisco:wvc200:1.1.0.12:::::::*

Configuration 3 [-]

OR	cpe:2.3:h:cisco:wvc210::::::::
	cpe:2.3:h:cisco:wvc210:1.1.0.12:::::::*

Configuration 4 [-]

cpe:2.3:h:cisco:wvc2300:*:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:h:cisco:rvs4000::::::::
	cpe:2.3:h:cisco:rvs4000:1.3.0.5:::::::*

References

Link	Resource
http://osvdb.org/63978
http://secunia.com/advisories/39510
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/39612
http://www.securitytracker.com/id?1023906
http://www.vupen.com/english/advisories/2010/0965
https://exchange.xforce.ibmcloud.com/vulnerabilities/58034

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2010-04-22T14:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-02-10T00:00:00

Link: CVE-2010-0593

JSON object: View

NVD Information

Status : Modified

Published: 2010-04-22T14:30:00.853

Modified: 2017-08-17T01:32:02.587

Link: CVE-2010-0593

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20100421 Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"}, {"name": "1023906", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1023906"}, {"name": "cisco-small-business-unauth-access(58034)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"}, {"name": "ADV-2010-0965", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0965"}, {"name": "63978", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/63978"}, {"name": "39612", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39612"}, {"name": "39510", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39510"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2010-0593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100421 Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"}, {"name": "1023906", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023906"}, {"name": "cisco-small-business-unauth-access(58034)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"}, {"name": "ADV-2010-0965", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0965"}, {"name": "63978", "refsource": "OSVDB", "url": "http://osvdb.org/63978"}, {"name": "39612", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39612"}, {"name": "39510", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39510"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2010-0593", "datePublished": "2010-04-22T14:00:00", "dateReserved": "2010-02-10T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:pvc2300:*:*:*:*:*:*:*:*", "matchCriteriaId": "7261E300-E1FF-4BED-A769-4EF5160A19B8", "versionEndIncluding": "1.1.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wvc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9949161-A6F8-4FCA-B0F9-B24F8902B796", "versionEndIncluding": "1.1.0.15", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:wvc200:1.1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "75A3FA1B-7F80-4400-8384-FD00BC3AAFEC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wvc210:*:*:*:*:*:*:*:*", "matchCriteriaId": "582D8387-3185-45AA-A833-DFEF7BF9B7BD", "versionEndIncluding": "1.1.0.15", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:wvc210:1.1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "66012205-BEBC-4915-A116-7DB82430DBC0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wvc2300:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF1A282-36FF-4D15-A981-83B18977DE93", "versionEndIncluding": "1.1.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rvs4000:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D7FF6DC-E1FF-4E6D-8A6C-098E07F5D898", "versionEndIncluding": "1.3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:rvs4000:1.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "10D53639-E058-474D-9E02-D0B602460A31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."}, {"lang": "es", "value": "Cisco RVS4000 4-port Gigabit Security Router en versiones anteriores a la v1.3.2.0, PVC2300 Business Internet Video Camera en versiones anteriores a la v1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, y WVC2300 Wireless-G Business Internet Video Camera en versiones anteriores a la v1.1.2.6 no restringen de manera apropiada el acceso de lectura a las contrase\u00f1as, lo que permite a atacantes dependiendo del contexto obtener informaci\u00f3n confidencial. Vulnerabilidad relacionada con (1) acceso de usuarios remotos autenticados a PVC2300 o WVC2300 a trav\u00e9s de una URL modificada, (2) habilitar privilegios de configuraci\u00f3n en un WVC200 o WVC210, y (3) habilitar privilegios de administraci\u00f3n en un RVS4000. Tambi\u00e9n conocido como Bug ID CSCte64726."}], "id": "CVE-2010-0593", "lastModified": "2017-08-17T01:32:02.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-22T14:30:00.853", "references": [{"source": "ykramarz@cisco.com", "url": "http://osvdb.org/63978"}, {"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/39510"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/39612"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1023906"}, {"source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2010/0965"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}