A security researcher found a vulnerability affecting the Linux operating system in the Cisco Unified Video Conferencing system (uniied Videoconferencing system. These vulnerabilities allow attackers to access the video conferencing device and steal certificates.
These vulnerabilities affect the Cisco UVC 5100 Series and 3500 series. Cisco has not fixed this vulnerability yet. It recommends that you "Disable FTP, SSH, and Telnet servers, and set the security mode domain in the Cisco UVC web GUI to the maximum, to restrict access to a trusted host on a Cisco UVC web server."
Florent Daigniere, a researcher at a penetration testing company, first reported these vulnerabilities to Cisco. He found 7 different vulnerabilities in Cisco products, including hard-coded usernames, weak session IDs, and weak fuzzy processing of certificates. [LINUX community www.bkjia.com]
In the Full Disclosure mailing list, Daigniere said Cisco's vulnerabilities allow attackers to "completely control Unified Video Conferencing devices and a large number of user passwords ". Attackers can also launch attacks on other parts of the target infrastructure.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
