Cisco Video Surveillance Manager (VSM) is software that allows operations managers and system integrators to build customised video surveillance networks.
Cisco has released a security patch to address a critical vulnerability found in its Cisco VSM software. The vulnerability is an undocumented default system administrator account called “root”, whose default password had not been removed. A remote attacker could exploit this to gain unauthorised access to an affected system.
This critical vulnerability has been assigned CVE-2018-15427, with a Common Vulnerability Scoring System (CVSS) severity base score of 9.8 out of 10.
This vulnerability affects Cisco Video Surveillance Manager (VSM) Software Releases 7.10, 7.11, and 7.11.1 if pre-installed by Cisco and running on the following Cisco Connected Safety and Security Unified Computing System (UCS) platforms:
A successful exploit gives a remote attacker unauthorised access to the affected system and the ability to execute arbitrary commands as “root”, which could result in a complete compromise of the system.
System administrators using the affected software versions should immediately install the latest security updates, available at https://software.cisco.com/download/home/282976740/type/281933881/release/7.11.1.