CiscoCISCO-SA-20130930-CVE-2013-3417Cisco Video Surveillance Operations Manager Unauthenticated Access to Camera Video Feeds Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
72.2%
A vulnerability in the administrative web interface of the Cisco Video Surveillance Operations Manager could allow an unauthenticated, remote attacker to view camera video feeds.
The vulnerability is due to incomplete enforcement of authentication requirements. An attacker could exploit this vulnerability by browsing to a crafted URL on a vulnerable Video Surveillance Operations Manager.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside. This access requirement decreases the likelihood of a successful exploit.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | video_surveillance_operations_manager | any | cpe:2.3:a:cisco:video_surveillance_operations_manager:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
72.2%