CVE-2011-0354
published 2011-02-03


Priority: P2, 75
Severity: critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 13.99% (96.1th percentile)
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.

Affected

20 ranges
Vendor | Product | Version range | Fixed in
cisco | tandberg_endpoint | <= tc3.1.3 |
cisco | tandberg_endpoint | |
cisco | tandberg_endpoint | |
cisco | tandberg_endpoint | |
cisco | tandberg_endpoint | |
cisco | tandberg_endpoint | |
cisco | tandberg_endpoint | |
cisco | tandberg_endpoint | |
cisco | tandberg_endpoint | |
cisco | tandberg_endpoint | |
cisco | tandberg_personal_video_unit | |
cisco | tandberg_personal_video_unit | |
cisco | tandberg_personal_video_unit | |
cisco | tandberg_personal_video_unit_software | <= tc3.1.3 |
cisco | tandberg_personal_video_unit_software | <= te2.2.1 |
cisco | tandberg_personal_video_unit_software | |
cisco | tandberg_personal_video_unit_software | |
cisco | tandberg_personal_video_unit_software | |
cisco | tandberg_personal_video_unit_software | |
cisco | tandberg_personal_video_unit_software | |

Detection & IOCs (extracted from sources)

command: systemtools rootsettings off
command: systemtools rootsettings never
command: systemtools rootsettings on [password]
command: xStatus SystemUnit
command: xCommand SystemUnit AdminPassword Set Password: [password]
  • Detect unauthenticated root login attempts against Cisco Tandberg C/E/EX series endpoints running software prior to TC4.0.0 — the root account has a blank password by default and is accessible remotely.
  • Monitor for use of the 'xStatus SystemUnit' API command against Tandberg devices, which can be used to fingerprint vulnerable software versions (prior to TC4.0.0) before exploitation.
  • Alert on 'systemtools rootsettings' commands issued on Tandberg devices, as this is the specific API used to enable/disable the root account and may indicate post-exploitation activity.
  • Affected codecs include C20, C40, C60, C90, E20, EX60, and EX90 — enumerate these device types on the network and verify software version is TC4.0.0 or later.
  • The root account is NOT the same as the admin or user accounts: it is a separate privileged account enabled for advanced debugging and is active with no password in all versions prior to TC4.0.0.
  • On devices running software PRIOR to TC4.0.0, the root account cannot be disabled; only its password can be set (it mirrors the administrator password). Full remediation requires upgrade to TC4.0.0.