search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Cisco Tandberg E, EX, and C Series default root credentials

Vulnerability Note VU#436854

Original Release Date: 2011-02-03 | Last Revised: 2011-02-03


Cisco's Tandberg C series endpoints and E/EX personal video units that run software versions prior to TC4.0.0 have a root administrator account enabled by default with no password.


Cisco Advisory cisco-sa-20110202-tandberg states:

"This vulnerability affects Tandberg C Series Endpoints and E/EX Personal Video units, including software that is running on the C20, C40, C60, C90, E20, EX60, and EX90 codecs. The software version of the Tandberg unit can be determined by logging into the web-based user interface (UI) or using the "xStatus SystemUnit" command.

Users can determine the Tandberg software version by entering the IP address of the codec in a web browser, authenticating (if the device is configured for authentication), and then selecting the "system info" menu option. The version number is displayed after the "Software Version" label in the System Info box.

Alternatively the software version can be determined from the device's application programmer interface using the "xStatus SystemUnit" command. The software version running on the codec is displayed after the "SystemUnit Software Version" label. The output from "xStatus SystemUnit" will display a result similar to the following:"

    xStatus SystemUnit
    *s SystemUnit ProductType: "Cisco TelePresence Codec"
    *s SystemUnit ProductId: "Cisco TelePresence Codec C90"
    *s SystemUnit ProductPlatform: "C90"
    *s SystemUnit Uptime: 597095
    *s SystemUnit Software Application: "Endpoint"
    *s SystemUnit Software Version: "TC4.0"
    *s SystemUnit Software Name: "s52000"
    *s SystemUnit Software ReleaseDate: "2010-11-01"
    *s SystemUnit Software MaxVideoCalls: 3
    *s SystemUnit Software MaxAudioCalls: 4
    *s SystemUnit Software ReleaseKey: "true"
    *s SystemUnit Software OptionKeys NaturalPresenter: "true"
    *s SystemUnit Software OptionKeys MultiSite: "true"
    *s SystemUnit Software OptionKeys PremiumResolution: "true"
    *s SystemUnit Hardware Module SerialNumber: "B1AD25A00003"
    *s SystemUnit Hardware Module Identifier: "0"
    *s SystemUnit Hardware MainBoard SerialNumber: "PH0497201"
    *s SystemUnit Hardware MainBoard Identifier: "101401-3 [04]"
    *s SystemUnit Hardware VideoBoard SerialNumber: "PH0497874"
    *s SystemUnit Hardware VideoBoard Identifier: "101560-1 [02]"
    *s SystemUnit Hardware AudioBoard SerialNumber: "N/A"
    *s SystemUnit Hardware AudioBoard Identifier:
    *s SystemUnit Hardware BootSoftware: "U-Boot 2009.03-65"
    *s SystemUnit State System: Initialized
    *s SystemUnit State MaxNumberOfCalls: 3
    *s SystemUnit State MaxNumberOfActiveCalls: 3
    *s SystemUnit State NumberOfActiveCalls: 1
    *s SystemUnit State NumberOfSuspendedCalls: 0
    *s SystemUnit State NumberOfInProgressCalls: 0
    *s SystemUnit State Subsystem Application: Initialized
    *s SystemUnit ContactInfo: ""
    ** end


An attacker may be able to gain complete administrative control of the device.


Apply an Update

Users should upgrade to version TC4.0.0 or later of the device software, disable the root account, and verify the administrator account has a password set. Updates are available from the Cisco Software Area.

Devices running software version TC 4.0.0 or later

To disable the root account, an administrator should log in to the applications programmer interface and use the command "systemtools rootsettings off" to temporarily disable the account, or the command "systemtools rootsettings never" to permanently disable the root user.

The root user is enabled for advanced debugging. If the root user is needed, the password should be configured when the account is enabled. This can be done through the command "systemtools rootsettings on [password]".

The default configuration of devices running TC4.0.0 does not contain a password for the administrator account. The password for the administrator account should be set with the command "xCommand SystemUnit AdminPassword Set Password: [password]".

Devices running software versions prior to TC 4.0.0

The root user cannot be disabled on devices running software versions prior to TC4.0.0. The password for the root account is the same as the administrator password. The administrator password is set with the command "xCommand SystemUnit AdminPassword Set Password: [password]".

Vendor Information


Cisco Systems, Inc. Affected

Updated:  February 03, 2011



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector



This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2011-0354
Severity Metric: 99.00
Date Public: 2011-02-02
Date First Published: 2011-02-03
Date Last Updated: 2011-02-03 14:54 UTC
Document Revision: 14

Sponsored by CISA.