Vulnerabilities could lead to unauthorized control of devices
By Cisco Subnet on Fri, 05/28/10 - 12:41pm.Cisco has issued a security advisory for its Network Building Mediator (NBM) and legacy Richards-Zeta Mediator products. The products allow different building systems to communicate with each other for facilities management.
Cisco acquired Richards-Zeta last year.
Multiple vulnerabilities affect the legacy Richards-Zeta Mediator 2500 product and Cisco Network Building Mediator NBM-2400 and NBM-4800 models. All Mediator Framework software releases prior to 3.1.1 are also affected.
The vulnerabilities exist in the areas of default credentials, privilege escalation, unauthorized information interception and unauthorized information access. Details can be found here. Successful exploitation of any of these vulnerabilities could result in a malicious user taking complete control over an affected device, the Cisco advisory states.
Cisco says it has released free software updates that address these vulnerabilities. Workarounds are also available that mitigate some of the vulnerabilities.
Cisco says the vulnerabilities were discovered during internal testing. The company is not aware of any public announcements or malicious use of the vulnerabilities described in the advisory.
No comments:
Post a Comment