CERT-In Vulnerability Note CIVN-2010-53
Cisco Digital Media Manager User Credential Information Disclosure Vulnerability
Original Issue Date: March 09, 2010
Severity Rating: Medium
System Affected
- Cisco Digital Media Manager Software versions prior to 5.2.
Overview
A vulnerability has been reported in Cisco Digital Media Manager that could allow a remote attacker to view sensitive information.
Description
Cisco Digital Media Manager is a web-based media management application. It allows content owners to publish and edit digital media content for live or on-demand playback. This vulnerability exists because of unsafe handling of user credentials. The application may store usernames and passwords in memory or in error logs in plain text. A remote authenticated user can exploit this vulnerability by viewing error logs or in-use memory that may contain stored user credentials. If successful, the user may obtain usernames and passwords of other system users.
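The following check is an added example, not part of the CERT-In note or Cisco's advisory: it scans error-log text for lines that carry a credential value in plain text and reports them with the value masked, so an administrator can decide which accounts need a password change. The log lines, key names (`password`, `passwd`, `pwd`, `secret`, `username`, `user`, `login`) and the function name are assumptions, since the note does not show the product's log format.

```python
import re

# Constructed sample lines: the advisory does not show the real log format.
SAMPLE_LOG = """\
2010-03-01 10:02:11 ERROR LoginAction failed: username=alice password=S3cr3t! reason=timeout
2010-03-01 10:02:15 INFO  Playlist published by bob
2010-03-01 10:03:40 ERROR request params {"user": "carol", "passwd": "hunter2"}
2010-03-01 10:04:02 ERROR password reset requested for dave
"""

# Assumed key names; a value must follow "=" or ":" for a line to count.
CRED_RE = re.compile(
    r"""\b(?P<key>password|passwd|pwd|secret)\b["']?\s*[=:]\s*"""
    r"""(?P<q>["']?)(?P<val>[^\s"',;&}]+)(?P=q)""",
    re.IGNORECASE)
USER_RE = re.compile(
    r"""\b(?:username|user|login)\b["']?\s*[=:]\s*["']?(?P<u>[^\s"',;&}]+)""",
    re.IGNORECASE)


def _mask(m):
    """Rebuild the matched text with only the credential value replaced."""
    s = m.string
    return s[m.start():m.start("val")] + "[REDACTED]" + s[m.end("val"):m.end()]


def find_exposed_credentials(text):
    """Return (line_no, key, user, masked_line) for lines holding a credential value."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = CRED_RE.search(line)
        if not m:
            continue  # the key word alone (e.g. "password reset") is not a finding
        user = USER_RE.search(line)
        findings.append((no, m.group("key").lower(),
                         user.group("u") if user else None,
                         CRED_RE.sub(_mask, line)))
    return findings


if __name__ == "__main__":
    for no, key, user, masked in find_exposed_credentials(SAMPLE_LOG):
        print(f"line {no}: {key} exposed for user {user!r}: {masked}")
```

The report never echoes the credential itself, so its output can be attached to a ticket without repeating the exposure.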
Solution
Apply appropriate software fixes as mentioned in Cisco Security Advisory
Vendor Information
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmm.shtml
References
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmm.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=19987
VUPEN
http://www.vupen.com/english/advisories/2010/0531
SecurityTracker
http://securitytracker.com/alerts/2010/Mar/1023671.html
CVE Name
CVE-2010-0572
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
