CVE-2011-4659 - Vulnerability Details - OpenCVE

Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ip Video Phone E20 Telepresence E20 Software

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:telepresence_e20_software::::::::
	cpe:2.3:a:cisco:telepresence_e20_software:te2.2:::::::*
	cpe:2.3:a:cisco:telepresence_e20_software:te2.2.1:::::::*
	cpe:2.3:a:cisco:telepresence_e20_software:te4.0.0:::::::*
	cpe:2.3:a:cisco:telepresence_e20_software:te4.1.0:::::::*
	cpe:2.3:a:cisco:telepresence_e20_software:te4.1.1:::::::*
	cpe:2.3:a:cisco:telepresence_e20_software:tenc4.0.0:::::::*
	cpe:2.3:a:cisco:telepresence_e20_software:tenc4.1.0:::::::*
	cpe:2.3:a:cisco:telepresence_e20_software:tenc4.1.1:::::::*
	cpe:2.3:a:cisco:telepresence_e20_software:tenc4.1.1-cucm:::::::*

cpe:2.3:h:cisco:ip_video_phone_e20:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2012-01-19T15:00:00Z

Updated: 2024-09-17T03:42:52.863Z

Reserved: 2011-12-01T00:00:00Z

Link: CVE-2011-4659

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-01-19T15:55:00.820

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4659

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-01-19T15:00:00Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20120118 Cisco IP Video Phone E20 Default Root Account", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-4659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20120118 Cisco IP Video Phone E20 Default Root Account", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:09:19.380Z"}, "title": "CVE Program Container", "references": [{"name": "20120118 Cisco IP Video Phone E20 Default Root Account", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2011-4659", "datePublished": "2012-01-19T15:00:00Z", "dateReserved": "2011-12-01T00:00:00Z", "dateUpdated": "2024-09-17T03:42:52.863Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "F283D9C2-6417-4164-ABCF-92CDCEE0369F", "versionEndIncluding": "te4.1.1-cucm", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:te2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F1FA842-B89F-4297-8C32-E07E8DD64A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:te2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F1890CD-A9DE-426A-9769-BD69D38C38AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:te4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "71BC3E49-C15E-4658-BC03-F0AC5913B4BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:te4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A0F3990-2C2F-4CF7-9F8B-2F799A89FA2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:te4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2AC50D6-6989-4E1D-A5EF-BA8BCC90F8EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:tenc4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D31C6E3-3D59-4980-B1C9-1F8F625CF1D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:tenc4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B75F0545-9A8D-4199-9BD0-CC4FA590DD8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:tenc4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6D61CB9-78CE-4FB7-BBC8-F94E4D59BB3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:tenc4.1.1-cucm:*:*:*:*:*:*:*", "matchCriteriaId": "75788217-A69B-4F08-B16C-A2A8BE9FD32A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_video_phone_e20:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBFD8721-837D-4FD8-A84F-D844E5C199D5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555."}, {"lang": "es", "value": "Cisco TelePresence Software antes de TE v4.1.1 en el Cisco IP Video Phone E20 tiene una contrase\u00f1a por defecto para la cuenta de root tras una actualizaci\u00f3n a la v4.1.0 TE, lo cual permite modificar la configuraci\u00f3n a trav\u00e9s de una sesi\u00f3n SSH a atacantes remotos. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCtw69889 y es diferente al CVE-2011-2555."}], "id": "CVE-2011-4659", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-01-19T15:55:00.820", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}