Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera.

The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the analytics pages of the Cisco Video Surveillance 4000 Series IP Camera using the hard-coded credentials. An exploit could allow the attacker to view the analytics page, which contains a view of the video feed.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside. This access requirement decreases the likelihood of a successful exploit.