CVE-2013-3454 — Vulnetix

CVE-2013-3454 PUBLISHED CVSS 10 CRITICAL

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.

EPSS 0.86% · 75.4th percentile

Risk Scores

CVSS 2.0

EPSS Score

0.86%

75.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
cisco	telepresence_system_3000
cisco	telepresence_system_1300-65
cisco	telepresence_system_3010
Cisco	N/A
cisco	telepresence_system_1300
cisco	telepresence_system_3200
cisco	telepresence_system_500-37
cisco	telepresence_system_software	6.0.2\(28\), 0, 1.2.3
cisco	telepresence_system_tx9200
cisco	telepresence_system_500-32
cisco	telepresence_system_tx9000
cisco	telepresence_system_3210

Exploit Intelligence

20130807 Cisco TelePresence System Default Credentials Vulnerability (circl)

Timeline

Aug 7, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 16, 2023 EPSS Score

References

20130807 Cisco TelePresence System Default Credentials Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2013-3454 advisory

Open in Interactive Console →