Multiple Vulnerabilities in the Cisco Video Surveillance Manager

2013-07-24T16:00:00
ID CISCO-SA-20130724-VSM
Type cisco
Reporter Cisco
Modified 2013-07-24T15:17:03

Description

A vulnerability in Cisco Video Surveillance Manager (VSM) could allow an unauthenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive information.

The vulnerability is due to improper validation of user-supplied input processed by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by convincing a targeted user to follow a crafted URL. If successful, the attacker could launch directory traversal attacks on the targeted device and access sensitive information from arbitrary files on the system. The attacker could use the information to conduct further attacks.

A vulnerability in Cisco Video Surveillance Manager (VSM) could allow an unauthenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to insufficient authentication protections imposed by the affected software. An unauthenticated, remote attacker could exploit this vulnerability to gain access to sensitive information, such as configuration files, monitoring pages archives, and system logs. If successful, the attacker could use the information to conduct further attacks.

The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.

More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm