Cisco Unified Videoconferencing Products: Multiple Vulnerabilities

Users of Cisco Unified Videoconferencing Products please be advised of Multiple Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

cisco-sr-20101117-cuvc: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
Details for Reported Vulnerabilities


Hard-Coded Credentials in Cisco UVC Products

Remote Command Injection on the Web Interface in Cisco UVC Products
Weak Obfuscation of Credentials in Cisco UVC Products
FTP Server Accessible by Default in Cisco UVC Products
Shadow Password File has Read Permissions for All Users in Cisco UVC Products
Lock Down OpenSSH Configuration in Cisco UVC Products