VAR-201810-0597
Vulnerability from variot - Updated: 2023-12-18 13:23
A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Video Surveillance Manager (VSM) software contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Video Surveillance Manager Appliance is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm52231. Cisco CPS-UCSM4-1RU-K9 and related models are networked security and safety unified computing system platforms from Cisco, a US company. The following products are affected: Cisco CPS-UCSM4-1RU-K9; CPS-UCSM4-2RU-K9; KIN-UCSM5-1RU-K9; KIN-UCSM5-2RU-K9
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "7.11.1"
},
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "7.11"
},
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "video surveillance manager",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "connected safety and security unified computing system kin-ucsm5-2ru-k9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "connected safety and security unified computing system kin-ucsm5-1ru-k9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "connected safety and security unified computing system cps-ucsm4-2ru-k9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "connected safety and security unified computing system cps-ucsm4-1ru-k9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "video surveillance manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.12"
}
],
"sources": [
{
"db": "BID",
"id": "105381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:connected_safety_and_security_ucs_c220:-:*:*:*:*:*:m5_2-ru:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:connected_safety_and_security_ucs_c220:-:*:*:*:*:*:m4_2-ru:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:connected_safety_and_security_ucs_c220:-:*:*:*:*:*:m4_1-ru:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:connected_safety_and_security_ucs_c220:-:*:*:*:*:*:m5_1-ru:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15427"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "105381"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
],
"trust": 0.9
},
"cve": "CVE-2018-15427",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-15427",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-125685",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15427",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15427",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1128",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125685",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-15427",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Video Surveillance Manager (VSM) The software contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Video Surveillance Manager Appliance is prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCvm52231. Cisco CPS-UCSM4-1RU-K9 and so on are the networked security and safety unified computing system platform of American Cisco Company. The following products are affected: Cisco CPS-UCSM4-1RU-K9; CPS-UCSM4-2RU-K9; KIN-UCSM5-1RU-K9; KIN-UCSM5-2RU-K9",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "BID",
"id": "105381"
},
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15427",
"trust": 2.9
},
{
"db": "BID",
"id": "105381",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1041733",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-125685",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15427",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "BID",
"id": "105381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"id": "VAR-201810-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:56.288000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180921-vsm",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180921-vsm"
},
{
"title": "Multiple Cisco product Video Surveillance Manager Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85176"
},
{
"title": "Cisco: Cisco Video Surveillance Manager Appliance Default Password Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180921-vsm"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180921-vsm"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/105381"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041733"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15427"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15427"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "BID",
"id": "105381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125685"
},
{
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"db": "BID",
"id": "105381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-125685"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"date": "2018-09-21T00:00:00",
"db": "BID",
"id": "105381"
},
{
"date": "2019-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"date": "2018-10-05T14:29:11.420000",
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"date": "2018-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125685"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15427"
},
{
"date": "2018-09-21T00:00:00",
"db": "BID",
"id": "105381"
},
{
"date": "2019-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013490"
},
{
"date": "2019-10-09T23:35:36.110000",
"db": "NVD",
"id": "CVE-2018-15427"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Video Surveillance Manager Vulnerability in the use of hard-coded credentials in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013490"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1128"
}
],
"trust": 0.6
}
}