
====================================================================


                             CERT-Renater

                 Information Note No. 2018/VULN293
_____________________________________________________________________

DATE                : 24/09/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Video Surveillance Manager
                       Appliance Software versions 7.10, 7.11, 7.11.1.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm
_____________________________________________________________________

Cisco Security Advisory: Cisco Video Surveillance Manager Appliance
Default Password Vulnerability

Advisory ID: cisco-sa-20180921-vsm

Revision: 1.0

For Public Release: 2018 September 21 16:00 GMT

Last Updated: 2018 September 21 16:00 GMT

CVE ID(s): CVE-2018-15427

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco Video Surveillance Manager (VSM) Software
running on certain Cisco Connected Safety and Security Unified Computing
System (UCS) platforms could allow an unauthenticated, remote attacker
to log in to an affected system by using the root account, which has
default, static user credentials.

The vulnerability is due to the presence of undocumented, default,
static user credentials for the root account of the affected software on
certain systems. An attacker could exploit this vulnerability by using
the account to log in to an affected system. A successful exploit could
allow the attacker to log in to the affected system and execute
arbitrary commands as the root user.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================




