Vulnerability Details CVE-2010-0599
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/39904
- http://securitytracker.com/id?1024027
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml
- http://www.kb.cert.org/vuls/id/757804
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf
- http://secunia.com/advisories/39904
- http://securitytracker.com/id?1024027
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml
- http://www.kb.cert.org/vuls/id/757804
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf
Products affected by CVE-2010-0599
-
cpe:2.3:a:cisco:mediator_framework:1.5.1
-
cpe:2.3:a:cisco:mediator_framework:2.2
-
cpe:2.3:a:cisco:mediator_framework:3.0.8
-
cpe:2.3:h:cisco:network_building_mediator_nbm-2400:*
-
cpe:2.3:h:cisco:network_building_mediator_nbm-4800:*
-
cpe:2.3:h:cisco:richards-zeta_mediator_2500:*