var-201810-0597
Vulnerability from variot
A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Video Surveillance Manager (VSM) The software contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Video Surveillance Manager Appliance is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm52231. Cisco CPS-UCSM4-1RU-K9 and so on are the networked security and safety unified computing system platform of American Cisco Company. The following products are affected: Cisco CPS-UCSM4-1RU-K9; CPS-UCSM4-2RU-K9; KIN-UCSM5-1RU-K9; KIN-UCSM5-2RU-K9
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "7.11.1"
},
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "7.11"
},
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "video surveillance manager",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "connected safety and security unified computing system kin-ucsm5-2ru-k9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "connected safety and security unified computing system kin-ucsm5-1ru-k9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "connected safety and security unified computing system cps-ucsm4-2ru-k9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "connected safety and security unified computing system cps-ucsm4-1ru-k9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "video surveillance manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.12"
}
],
"sources": [
{
"db": "BID",
"id": "105381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:connected_safety_and_security_ucs_c220:-:*:*:*:*:*:m5_2-ru:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:connected_safety_and_security_ucs_c220:-:*:*:*:*:*:m4_2-ru:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:connected_safety_and_security_ucs_c220:-:*:*:*:*:*:m4_1-ru:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:connected_safety_and_security_ucs_c220:-:*:*:*:*:*:m5_1-ru:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15427"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "105381"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
],
"trust": 0.9
},
"cve": "CVE-2018-15427",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-15427",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-125685",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15427",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15427",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1128",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125685",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-15427",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Video Surveillance Manager (VSM) The software contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Video Surveillance Manager Appliance is prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCvm52231. Cisco CPS-UCSM4-1RU-K9 and so on are the networked security and safety unified computing system platform of American Cisco Company. The following products are affected: Cisco CPS-UCSM4-1RU-K9; CPS-UCSM4-2RU-K9; KIN-UCSM5-1RU-K9; KIN-UCSM5-2RU-K9",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "BID",
"id": "105381"
},
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15427",
"trust": 2.9
},
{
"db": "BID",
"id": "105381",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1041733",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-125685",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15427",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "BID",
"id": "105381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"id": "VAR-201810-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:56.288000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180921-vsm",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180921-vsm"
},
{
"title": "Multiple Cisco product Video Surveillance Manager Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85176"
},
{
"title": "Cisco: Cisco Video Surveillance Manager Appliance Default Password Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180921-vsm"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180921-vsm"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/105381"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041733"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15427"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15427"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "BID",
"id": "105381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "BID",
"id": "105381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-125685"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"date": "2018-09-21T00:00:00",
"db": "BID",
"id": "105381"
},
{
"date": "2019-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"date": "2018-10-05T14:29:11.420000",
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"date": "2018-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125685"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"date": "2018-09-21T00:00:00",
"db": "BID",
"id": "105381"
},
{
"date": "2019-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"date": "2019-10-09T23:35:36.110000",
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Video Surveillance Manager Vulnerability in the use of hard-coded credentials in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.