Title: Cisco Video Surveillance Products Multiple Authentication Vulnerabilities
Severity: CRITICAL
Description:
Cisco Video Surveillance products are used to record and manage video feeds as well as send the feeds over IP networks.
Multiple Cisco Video Surveillance products are prone to the following vulnerabilities:
- The Telnet server in the IP Gateway Encoder/Decoder firmware fails to prompt for authentication (Cisco Bug ID CSCsj31729).
- The Cisco Video Surveillance Services Platform and Integrated Services Platform uses default 'root' and 'sypixx' passwords that cannot be changed (Cisco Bug ID CSCsj34681).
Attackers can exploit these issues to gain administrative access to affected devices.
These issues affect the following firmware versions (and earlier):
Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) 1.8.1
Cisco Video Surveillance SP/ISP Decoder Software 1.11.0
Cisco Video Surveillance SP/ISP 1.23.7
Affected Products:
- Cisco Video Surveillance IP Gateway Encoder/Decoder 1.8.1
- Cisco Video Surveillance SP/ISP 1.23.7
- Cisco Video Surveillance SP/ISP Decoder Software 1.11.0
References:
- : Cisco Video Surveillance IP Gateways Homepage
- Cisco: Cisco Homepage
- Cisco: Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnera
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
