Cisco's Tandberg C series endpoints and E/EX personal video units that run software versions prior to TC4.0.0 have a root administrator account enabled by default with no password.
"This vulnerability affects Tandberg C Series Endpoints and E/EX Personal Video units, including software that is running on the C20, C40, C60, C90, E20, EX60, and EX90 codecs. The software version of the Tandberg unit can be determined by logging into the web-based user interface (UI) or using the 'xStatus SystemUnit' command."
An attacker may be able to gain complete administrative control of the device.
Apply an Update
Users should upgrade to version TC4.0.0 or later of the device software, disable the root account, and verify the administrator account has a password set. Updates are available from the Cisco Software Area.
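For a fleet of endpoints, the version check can be scripted against saved "xStatus SystemUnit" output. The following is an added example, not part of the original advisory or any Cisco tooling; the `*s SystemUnit Software Version: "TC..."` line format, the host names and the sample outputs are assumptions constructed for illustration.

```python
import re

# Assumed line format of saved "xStatus SystemUnit" output (not taken from the advisory).
VERSION_RE = re.compile(r'SystemUnit Software Version:\s*"?TC\s*(\d+(?:\.\d+)*)', re.I)
FIXED = (4, 0, 0)  # first release the advisory lists as fixed: TC4.0.0


def parse_tc_version(xstatus_text):
    """Return the TC version as a tuple of ints, or None if no version line is found."""
    m = VERSION_RE.search(xstatus_text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def needs_upgrade(version):
    """True when the version is prior to TC4.0.0 (numeric compare of the first three fields)."""
    padded = (tuple(version) + (0, 0, 0))[:3]
    return padded < FIXED


def audit(inventory):
    """Map each host to 'upgrade', 'check-accounts' or 'unknown'."""
    result = {}
    for host, text in inventory.items():
        version = parse_tc_version(text)
        if version is None:
            result[host] = "unknown"         # no version line: review by hand
        elif needs_upgrade(version):
            result[host] = "upgrade"         # prior to TC4.0.0
        else:
            # Fixed release: still confirm root is disabled and admin has a password.
            result[host] = "check-accounts"
    return result


# Constructed sample data: hypothetical hosts and version strings.
SAMPLE = {
    "room-a": '*s SystemUnit Software Version: "TC3.1.2.227263"\n',
    "room-b": '*s SystemUnit Software Version: "TC4.0.0.246968"\n',
    "room-c": '*s SystemUnit Software Version: "TC10.2.1"\n',
    "room-d": "login failed\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```

Versions are compared as integer tuples, so a two-digit major version is not mistaken for an older release the way a string comparison would.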
Devices running software version TC 4.0.0 or later
Cisco Systems, Inc.
This document was written by Jared Allar.
Date First Published: 2011-02-03
Date Last Updated: 2011-02-03 14:54 UTC