// For flags

CVE-2010-0593

 

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726.

Cisco RVS4000 4-port Gigabit Security Router en versiones anteriores a la v1.3.2.0, PVC2300 Business Internet Video Camera en versiones anteriores a la v1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, y WVC2300 Wireless-G Business Internet Video Camera en versiones anteriores a la v1.1.2.6 no restringen de manera apropiada el acceso de lectura a las contraseñas, lo que permite a atacantes dependiendo del contexto obtener información confidencial. Vulnerabilidad relacionada con (1) acceso de usuarios remotos autenticados a PVC2300 o WVC2300 a través de una URL modificada, (2) habilitar privilegios de configuración en un WVC200 o WVC210, y (3) habilitar privilegios de administración en un RVS4000. También conocido como Bug ID CSCte64726.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-02-10 CVE Reserved
  • 2010-04-22 CVE Published
  • 2024-06-09 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Pvc2300
Search vendor "Cisco" for product "Pvc2300"
 <= 1.1.1.4
Search vendor "Cisco" for product "Pvc2300" and version " <= 1.1.1.4"
-
Affected
Cisco
Search vendor "Cisco"
 Wvc200
Search vendor "Cisco" for product "Wvc200"
 <= 1.1.0.15
Search vendor "Cisco" for product "Wvc200" and version " <= 1.1.0.15"
-
Affected
Cisco
Search vendor "Cisco"
 Wvc200
Search vendor "Cisco" for product "Wvc200"
 1.1.0.12
Search vendor "Cisco" for product "Wvc200" and version "1.1.0.12"
-
Affected
Cisco
Search vendor "Cisco"
 Wvc210
Search vendor "Cisco" for product "Wvc210"
 <= 1.1.0.15
Search vendor "Cisco" for product "Wvc210" and version " <= 1.1.0.15"
-
Affected
Cisco
Search vendor "Cisco"
 Wvc210
Search vendor "Cisco" for product "Wvc210"
 1.1.0.12
Search vendor "Cisco" for product "Wvc210" and version "1.1.0.12"
-
Affected
Cisco
Search vendor "Cisco"
 Wvc2300
Search vendor "Cisco" for product "Wvc2300"
 <= 1.1.1.4
Search vendor "Cisco" for product "Wvc2300" and version " <= 1.1.1.4"
-
Affected
Cisco
Search vendor "Cisco"
 Rvs4000
Search vendor "Cisco" for product "Rvs4000"
 <= 1.3.1.0
Search vendor "Cisco" for product "Rvs4000" and version " <= 1.3.1.0"
-
Affected
Cisco
Search vendor "Cisco"
 Rvs4000
Search vendor "Cisco" for product "Rvs4000"
 1.3.0.5
Search vendor "Cisco" for product "Rvs4000" and version "1.3.0.5"
-
Affected