Cisco patches critical default password vulnerability

Cisco has issued a critical update for its Video Surveillance Manager (VSM) appliance to fix a default password vulnerability.

If exploited, the vulnerability could allow an unauthenticated user to log in using the root account, which has default, static user credentials, and then execute arbitrary commands as the root user, Cisco reported. The issue has been patched in VSM version 7.12.

The issue, CVE-2018-15427, affects VSM versions 7.10, 7.11, and 7.11.1, but only when the software is preinstalled by Cisco and running on the following Cisco Connected Safety and Security Unified Computing System platforms:

  • CPS-UCSM4-1RU-K9
  • CPS-UCSM4-2RU-K9
  • KIN-UCSM5-1RU-K9
  • KIN-UCSM5-2RU-K9