A serious flaw recently fixed in the Cisco Video Surveillance Manager could let an unauthenticated attacker log in as root. The security vulnerability, which Cisco disclosed on Friday, affects only the Video Surveillance Manager software running on certain Connected Safety and Security Unified Computing System platforms.

The problem, the company says, lies in the existence of default, static credentials for the root account. The credentials for the account are not documented and affect only specific systems, the company underlines. An attacker exploiting the flaw could log in to the affected systems and execute arbitrary commands as the root user.

Cisco says the bug affects Video Surveillance Manager Software releases 7.10, 7.11, and 7.11.1. The problem, however, appears only if the software was preinstalled by Cisco, and it affects only the CPS-UCSM4-1RU-K9, CPS-UCSM4-2RU-K9, KIN-UCSM5-1RU-K9, and KIN-UCSM5-2RU-K9 Connected Safety and Security UCS platforms.

“This vulnerability exists because the root account of the affected software was not disabled before Cisco installed the software on the vulnerable platforms, and default, static user credentials exist for the account. The user credentials are not documented publicly,” Cisco notes in an advisory.

Video Surveillance Manager Software releases 7.9 and earlier are not affected by the flaw. Video Surveillance Manager releases 7.10, 7.11, and 7.11.1 running on CPS-UCSM4-1RU-K9 and CPS-UCSM4-1RU-K9 platforms are not affected either if they were installed as upgrades to a preinstalled release 7.9. Video Surveillance Manager on the VMware ESXi platform is not affected either.

There are no specific workarounds for this flaw, and affected users are advised to upgrade to Video Surveillance Manager Release 7.12 to fix it. Those who do not want to upgrade should contact the Cisco TAC for further assistance.

“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability,” Cisco also notes.
