CVE-2010-0598
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD
Description
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631.
Affected (3)
Products: Cisco: Mediator Framework
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.5.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Network Building Mediator Nbm 2400 | All versions |
Cisco Network Building Mediator Nbm 4800 | All versions |
Cisco Richards Zeta Mediator 2500 | All versions |
Related CWEs
References (10)
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Patch
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.