CVE-2011-4659

Published: Jan 19, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555.

Affected (11)

Products: Cisco: Telepresence E20 Software, Ip Video Phone E20

Cisco

2 products

Telepresence E20 Software

Ip Video Phone E20

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence E20 Software	Up to te4.1.1-cucm
Cisco Telepresence E20 Software	Version te2.2.1
Cisco Telepresence E20 Software	Version te2.2
Cisco Telepresence E20 Software	Version te4.0.0
Cisco Telepresence E20 Software	Version te4.1.0
Cisco Telepresence E20 Software	Version te4.1.1
Cisco Telepresence E20 Software	Version tenc4.0.0
Cisco Telepresence E20 Software	Version tenc4.1.0
Cisco Telepresence E20 Software	Version tenc4.1.1-cucm
Cisco Telepresence E20 Software	Version tenc4.1.1
Cisco Ip Video Phone E20	All versions

Related CWEs

CWE-264

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.