Vulnerability Monitor


CVE-2018-15427


A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.


Published

2018-10-05T14:29:11.420

Last Modified

2024-11-21T03:50:46.373

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-798
  • Type: Primary
    CWE-798

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | video_surveillance_manager | 7.10 | Yes |
| Application | cisco | video_surveillance_manager | 7.11 | Yes |
| Application | cisco | video_surveillance_manager | 7.11.1 | Yes |
| Hardware | cisco | connected_safety_and_security_ucs_c220 | - | No |
| Hardware | cisco | connected_safety_and_security_ucs_c220 | - | No |
| Hardware | cisco | connected_safety_and_security_ucs_c220 | - | No |
| Hardware | cisco | connected_safety_and_security_ucs_c220 | - | No |
