Details of VAR-201810-0597

ID

VAR-201810-0597

CVE

CVE-2018-15427

TITLE

Cisco Video Surveillance Manager Vulnerability in the use of hard-coded credentials in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-013490

DESCRIPTION

A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Video Surveillance Manager (VSM) The software contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Video Surveillance Manager Appliance is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm52231. Cisco CPS-UCSM4-1RU-K9 and so on are the networked security and safety unified computing system platform of American Cisco Company. The following products are affected: Cisco CPS-UCSM4-1RU-K9; CPS-UCSM4-2RU-K9; KIN-UCSM5-1RU-K9; KIN-UCSM5-2RU-K9

Trust: 2.07

sources: NVD: CVE-2018-15427 // JVNDB: JVNDB-2018-013490 // BID: 105381 // VULHUB: VHN-125685 // VULMON: CVE-2018-15427

AFFECTED PRODUCTS

vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.11.1	Trust: 1.9
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.11	Trust: 1.9
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.10	Trust: 1.9
vendor:	cisco	model:	video surveillance manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	connected safety and security unified computing system kin-ucsm5-2ru-k9	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	connected safety and security unified computing system kin-ucsm5-1ru-k9	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	connected safety and security unified computing system cps-ucsm4-2ru-k9	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	connected safety and security unified computing system cps-ucsm4-1ru-k9	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	video surveillance manager	scope:	ne	version:	7.12	Trust: 0.3

sources: BID: 105381 // JVNDB: JVNDB-2018-013490 // CNNVD: CNNVD-201809-1128 // NVD: CVE-2018-15427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15427
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-15427
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201809-1128
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-125685
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-15427
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-15427
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-125685
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15427
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125685 // VULMON: CVE-2018-15427 // JVNDB: JVNDB-2018-013490 // CNNVD: CNNVD-201809-1128 // NVD: CVE-2018-15427

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-125685 // JVNDB: JVNDB-2018-013490 // NVD: CVE-2018-15427

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1128

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201809-1128

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013490

PATCH

title:	cisco-sa-20180921-vsm	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm	Trust: 0.8
title:	Multiple Cisco product Video Surveillance Manager Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85176	Trust: 0.6
title:	Cisco: Cisco Video Surveillance Manager Appliance Default Password Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180921-vsm	Trust: 0.1

sources: VULMON: CVE-2018-15427 // JVNDB: JVNDB-2018-013490 // CNNVD: CNNVD-201809-1128

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15427	Trust: 2.9
db:	BID	id:	105381	Trust: 2.1
db:	SECTRACK	id:	1041733	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-013490	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-1128	Trust: 0.7
db:	VULHUB	id:	VHN-125685	Trust: 0.1
db:	VULMON	id:	CVE-2018-15427	Trust: 0.1

sources: VULHUB: VHN-125685 // VULMON: CVE-2018-15427 // BID: 105381 // JVNDB: JVNDB-2018-013490 // CNNVD: CNNVD-201809-1128 // NVD: CVE-2018-15427

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180921-vsm	Trust: 2.2
url:	http://www.securityfocus.com/bid/105381	Trust: 1.9
url:	http://www.securitytracker.com/id/1041733	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15427	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15427	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-125685 // VULMON: CVE-2018-15427 // BID: 105381 // JVNDB: JVNDB-2018-013490 // CNNVD: CNNVD-201809-1128 // NVD: CVE-2018-15427

CREDITS

Cisco

Trust: 0.9

sources: BID: 105381 // CNNVD: CNNVD-201809-1128

SOURCES

db:	VULHUB	id:	VHN-125685
db:	VULMON	id:	CVE-2018-15427
db:	BID	id:	105381
db:	JVNDB	id:	JVNDB-2018-013490
db:	CNNVD	id:	CNNVD-201809-1128
db:	NVD	id:	CVE-2018-15427

LAST UPDATE DATE

2024-11-23T22:00:16.433000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125685	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-15427	date:	2019-10-09T00:00:00
db:	BID	id:	105381	date:	2018-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-013490	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201809-1128	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-15427	date:	2024-11-21T03:50:46.373

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125685	date:	2018-10-05T00:00:00
db:	VULMON	id:	CVE-2018-15427	date:	2018-10-05T00:00:00
db:	BID	id:	105381	date:	2018-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-013490	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201809-1128	date:	2018-09-26T00:00:00
db:	NVD	id:	CVE-2018-15427	date:	2018-10-05T14:29:11.420