Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability

Cisco-SA-20141217-CVE-2014-8006 · Medium · Published · Updated

An issue in Disaster Recovery (DRA) mode of the Cisco ISB8320-E High-Definition IP-Only DVR could allow an unauthenticated, remote attacker to access the device via telnet for the duration of the recovery boot. The issue is due to the disaster recovery process. An attacker could exploit this vulnerability by attempting to access the device via telnet while disaster recovery mode is executing. A successful exploit could give the attacker unauthenticated telnet access to the device.

Functional code that exploits this vulnerability is publicly available. Cisco has confirmed the vulnerability, but updated software is not available.

To exploit the vulnerability, the attacker may need access to trusted or internal networks in order to connect to the targeted system. This access requirement could limit the likelihood of a successful exploit.


Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs: CVE-2014-8006
Cisco Bug IDs: CSCup85422
CVSS Score: Base 6.6 (AV:N/AC:H/Au:N/C:P/I:P/A:C/E:F/RL:U/RC:C)
Product Names From Source: Cisco ISB8320-E IP Only DVR

Related Products

Product | CVE | Evidence
Cisco ISB8320-E IP Only DVR | CVE-2014-8006 | Cisco OpenVuln