CVE-2010-0600
Last modified
CVE-2010-0600 is a vulnerability of currently unknown severity. Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.. EPSS estimates a 4.58% chance of exploitation in the next 30 days.
Description
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Mediator Framework | 1.5.1 |
| Cisco | Mediator Framework | 2.2 |
| Cisco | Mediator Framework | 3.0.8 |
References
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtmlPatch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/757804US Government Resource
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtmlPatch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/757804US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-0600?
How severe is CVE-2010-0600?
How do I fix CVE-2010-0600?
Are you affected by CVE-2010-0600?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST