Last Updated: 2010-11-17 21:57:57 UTC
by Guy Bruneau (Version: 1)
Multiple vulnerabilities have been reported in Cisco Unified Videoconferencing (Cisco UVC) 5100 series which also impact Cisco Unified Videoconferencing 5200 and 3500 Series.
There is currently no fixes for these vulnerabilities and Cisco recommends "limiting access to Cisco UVC web server to trusted hosts by disabling FTP, SSH, and Telnet services and by setting the "Security mode" field in the "Security" section of the Cisco UVC web GUI to Maximum."
The complete list of affected products/versions, including detailed information about the vulnerabilities can be found here.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org