Vulnslist

find the latest Cisco vulnerabilities

Multiple Vulnerabilities in the Cisco Video Surveillance Manager

cisco-sa-20130724-vsm · Critical · Published · Updated

The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints.

Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system. More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm

Workarounds

The vulnerabilities described in this document can be mitigated or remediated by following the suggestions in the guide "Securing Cisco Video Surveillance Manager Release 6.x: Best Practices and Recommendations" (http://www.cisco.com/en/US/partner/docs/security/physical_security/video_surveillance/network/design/bestprac.html) and by removing the Broadware sample code.

The Broadware package name differs by the version of Cisco VSM and can be removed by issuing the command:

    rpm -e [package.rpm]

The following example shows Cisco VSM software version 6.3.2(20) with the removal command:

    # rpm -qa | grep -i Cisco_VSBWT
    Cisco_VSBWT-6.3.2-20
    # rpm -e Cisco_VSBWT-6.3.2-20

CVEs: CVE-2013-3429, CVE-2013-3430, CVE-2013-3431
Cisco Bug IDs: CSCsv37163, CSCsv37288, CSCsv40169
CVSS Score: Base 7.8
Base 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C
Base 9.0 AV:N/AC:L/Au:N/C:C/I:P/A:P/E:F/RL:OF/RC:C
Product Names From Source: Cisco Video Surveillance Operations Manager Software

Related Products

Product | CVE | Evidence
Cisco RV Series Routers | CVE-2013-3431 | Cisco OpenVuln
Cisco RV Series Routers | CVE-2013-3430 | Cisco OpenVuln
Cisco RV Series Routers | CVE-2013-3429 | Cisco OpenVuln
Cisco Nexus Dashboard | CVE-2013-3431 | Cisco OpenVuln
Cisco Nexus Dashboard | CVE-2013-3430 | Cisco OpenVuln
Cisco Nexus Dashboard | CVE-2013-3429 | Cisco OpenVuln
Cisco MDS 9000 Family of Multilayer Switches | CVE-2013-3431 | Cisco OpenVuln
Cisco MDS 9000 Family of Multilayer Switches | CVE-2013-3430 | Cisco OpenVuln
Cisco MDS 9000 Family of Multilayer Switches | CVE-2013-3429 | Cisco OpenVuln
Cisco Video Surveillance Operations Manager Software | CVE-2013-3431 | Cisco OpenVuln
Cisco Video Surveillance Operations Manager Software | CVE-2013-3430 | Cisco OpenVuln
Cisco Video Surveillance Operations Manager Software | CVE-2013-3429 | Cisco OpenVuln
Cisco Video Surveillance Manager | CVE-2013-3431 | Cisco OpenVuln
Cisco Video Surveillance Manager | CVE-2013-3430 | Cisco OpenVuln
Cisco Video Surveillance Manager | CVE-2013-3429 | Cisco OpenVuln