Cisco-SA-20131015-CVE-2013-5535

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

Cisco-SA-20131015-CVE-2013-5535 · Medium · Published 12 years ago · Updated 12 years ago

A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the analytics pages of the Cisco Video Surveillance 4000 Series IP Camera using the hard-coded credentials. An exploit could allow the attacker to view the analytics page, which contains a view of the video feed. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside. This access requirement decreases the likelihood of a successful exploit.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs	CVE-2013-5535
Cisco Bug IDs	CSCuj70402, CSCuj70419
CVSS Score	Base 6.4 Base 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C
Product Names From Source	Cisco Video Surveillance 4000 Series IP Camera

Related Products

Product	CVE	Evidence
Cisco Video Surveillance 4000 Series IP Camera	CVE-2013-5535	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

Workarounds

Related Products