Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in the Cisco Video Surveillance Manager |
Informations | |||
---|---|---|---|
Name | cisco-sa-20130724-vsm | First vendor Publication | 2013-07-24 |
Vendor | Cisco | Last vendor Modification | 2013-07-24 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 8.5 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system. More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.19 (Darwin) iF4EAREKAAYFAlHv3iUACgkQUddfH3/BbTrV2wD8DLMSP/vWdottEKUxbtuV1oQ +tq7vz7Be9Q5mKn74ZsoA/1R7qkDcrmeKQTuBky432DtScteMcfbys0vD9pcQYoqU =HloY END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-287 | Improper Authentication |
33 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-08-01 | IAVM : 2013-A-0148 - Multiple Vulnerabilities in Cisco Video Surveillance Manager Severity : Category I - VMSKEY : V0039816 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-07-13 | Cisco Video Surveillance Operations Manager directory traversal attempt RuleID : 39172 - Revision : 2 - Type : SERVER-WEBAPP |
2016-07-13 | Cisco Video Surveillance Operations Manager directory traversal attempt RuleID : 39171 - Revision : 2 - Type : SERVER-WEBAPP |
2016-07-13 | Cisco Video Surveillance Operations Manager directory traversal attempt RuleID : 39170 - Revision : 2 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-12 | Name : The remote host is missing a vendor-supplied security patch. File : cisco-sa-20130724-vsm.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:22:10 |
|
2013-11-11 12:37:33 |
|
2013-07-25 21:23:38 |
|
2013-07-25 17:19:25 |
|