Cisco Video Surveillance Manager Appliance Default Password Vulnerability (cisco-sa-20180921-vsm)

critical Nessus Plugin ID 122249

Synopsis

The remote host is affected by a default password vulnerability.

Description

According to its self-reported version, the version of Cisco Video Surveillance Manager installed on the remote host is affected by a default password vulnerability. An attacker could exploit this vulnerability to log in as the 'root' user and execute arbitrary commands.

Solution

Upgrade to Cisco Video Surveillance Manager 7.12 or later. Alternatively, customers who do not want to upgrade to 7.12 should contact Cisco TAC for further assistance.

See Also

http://www.nessus.org/u?1fc73780

Plugin Details

Severity: Critical

ID: 122249

File Name: cisco-sa-20180921-vsm.nasl

Version: 1.2

Type: remote

Family: CISCO

Published: 2/15/2019

Updated: 10/31/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-15427

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:video_surveillance_manager

Required KB Items: installed_sw/Cisco Video Surveillance Management Console

Exploit Ease: No known exploits are available

Patch Publication Date: 9/21/2018

Vulnerability Publication Date: 9/21/2018

Reference Information

CVE: CVE-2018-15427

BID: 105381

CISCO-SA: cisco-sa-20180921-vsm

IAVA: 2019-A-0057