Predictable Session IDs in Cisco Unified Videoconferencing Systems

Predictable Session IDs in Cisco Unified Videoconferencing Systems

CVE-2010-4304 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048.

Learn more about our Cis Benchmark Audit For Cisco.