SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cisco Video Surveillance Software Vendors:   Cisco
Cisco Video Surveillance Manager Default User Account Lets Remote Users Access the Target System
SecurityTracker Alert ID:  1041733
SecurityTracker URL:  http://securitytracker.com/id/1041733
CVE Reference:   CVE-2018-15427   (Links to External Site)
Date:  Sep 28 2018
Impact:   Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco Video Surveillance Manager. A remote user can gain access to the target system.

A remote user can use a non-documented default user account to gain 'root' access to the target system.

Certain systems are affected.

Cisco Video Surveillance Manager releases 7.10, 7.11, and 7.11.1 are affected when preinstalled by Cisco and when running on the following Cisco Connected Safety and Security Unified Computing System (UCS) platforms:

CPS-UCSM4-1RU-K9
CPS-UCSM4-2RU-K9
KIN-UCSM5-1RU-K9
KIN-UCSM5-2RU-K9

The vendor has assigned bug ID CSCvm52231 to this vulnerability.

Impact:   A remote user can gain root access to the target system.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC