TANDBERG Video Communication Server Static SSH Host Keys

Severity: High. Nessus Plugin ID: 45545

Synopsis

The remote SSH service uses a static host key.

Description

The remote device appears to be a TANDBERG Video Communication Server (VCS), an appliance supporting interoperation of video conferencing and unified communications devices.

The fingerprint for the SSH service running on this device matches that of the host key distributed with some versions of the VCS firmware.

Knowing this, a remote attacker may be able to impersonate the device or conduct man-in-the-middle attacks, and gain shell access to the affected device.
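The fingerprint comparison described above can be reproduced over your own inventory. The following is an added example, not the Nessus plugin's code: it reads host key lines in `ssh-keyscan` output format, computes MD5 and SHA256 fingerprints, and reports hosts that match a known static fingerprint or that share a host key with another host. The sample scan, the key blobs and `PLACEHOLDER_STATIC_FP` are constructed; this page does not list the vendor-default fingerprint, so supply it from the advisory.

```python
import base64
import binascii
import hashlib
from collections import defaultdict

def fingerprints(b64_blob):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    md5 = hashlib.md5(raw).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def parse_scan(text):
    """Yield (host, keytype, md5_fp, sha256_fp) from ssh-keyscan style lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.lstrip().startswith("#"):
            continue  # banner comments, blank lines, truncated lines
        try:
            md5, sha = fingerprints(parts[2])
        except (binascii.Error, ValueError):
            continue  # corrupt base64: not a usable key
        yield parts[0], parts[1], md5, sha

def audit(text, known_static=()):
    """Report hosts matching a known static fingerprint and hosts sharing a key."""
    by_key = defaultdict(set)
    flagged = set()
    for host, _ktype, md5, sha in parse_scan(text):
        by_key[sha].add(host)
        if md5 in known_static or sha in known_static:
            flagged.add(host)
    shared = {fp: sorted(h) for fp, h in by_key.items() if len(h) > 1}
    return {"known_static": sorted(flagged), "shared": shared}

def _fake_blob(seed):
    # Constructed stand-in for a key blob; not a real key from any device.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + hashlib.sha256(seed).digest()).decode()

SAMPLE_SCAN = "\n".join([  # constructed sample input
    "# 10.0.0.5:22 SSH-2.0-example",
    "10.0.0.5 ssh-rsa " + _fake_blob(b"firmware-default"),
    "10.0.0.6 ssh-rsa " + _fake_blob(b"firmware-default"),
    "10.0.0.7 ssh-rsa " + _fake_blob(b"regenerated"),
    "10.0.0.8 ssh-rsa not*base64",
])
# Placeholder for the vendor-default fingerprint, which this page does not list.
PLACEHOLDER_STATIC_FP = fingerprints(_fake_blob(b"firmware-default"))[0]

if __name__ == "__main__":
    print(audit(SAMPLE_SCAN, {PLACEHOLDER_STATIC_FP}))
```

Two appliances presenting the same host key is a finding even when the fingerprint is not on any known-static list, which is why the `shared` report is computed independently of `known_static`.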

Solution

Generate a new SSH host key and use it in place of the current one. Then upgrade to VCS firmware version 5.1.1 or later.

See Also

http://www.vsecurity.com/resources/advisory/20100409-2/

https://www.securityfocus.com/archive/1/510654

Plugin Details

Severity: High

ID: 45545

File Name: tandberg_vcs_ssh_key.nasl

Version: 1.13

Type: remote

Published: 4/14/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 4/7/2010

Vulnerability Publication Date: 4/9/2010

Reference Information

CVE: CVE-2009-4510

BID: 39389