===================================================================== CERT-Renater Note d'Information No. 2013/VULN336 _____________________________________________________________________ DATE : 08/08/2013 HARDWARE PLATFORM(S): Cisco TelePresence System Series 500, 13X0, 1X00, 3X00, 30X0, TX 9X00. OPERATING SYSTEM(S): Systems running CiscoTelePresence System Software Releases up to and including 1.10.1, 6.0.3. ====================================================================== http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp ______________________________________________________________________ Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability Advisory ID: cisco-sa-20130807-tp Revision 1.0 For Public Release 2013 August 7 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account that is created with default credentials. The vulnerability is due to a default user account being created at installation time. An attacker could exploit this vulnerability by remotely accessing the web server and using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which gives them full administrative rights to the system. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================