Secunia Security Advisory - A vulnerability has been reported in Cisco Small Business Video Surveillance Cameras and Security Routers, which can be exploited by malicious users to bypass certain security restrictions.
57587ef029c1c7dbd3d3cab5d42565435ec5bbf867f145fa31c6814dea718e15
----------------------------------------------------------------------
Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
Cisco Small Business Video Surveillance and Security Routers Security
Bypass
SECUNIA ADVISORY ID:
SA39510
VERIFY ADVISORY:
http://secunia.com/advisories/39510/
DESCRIPTION:
A vulnerability has been reported in Cisco Small Business Video
Surveillance Cameras and Security Routers, which can be exploited by
malicious users to bypass certain security restrictions.
The vulnerability exists in the handling of requests to the web-based
management interface, which can be exploited to view the device's
configuration data (e.g. user passwords) via a specially crafted
URL.
Successful exploitation requires "setup" privileges on the WVC200 and
WVC210 models and administrative privileges on the RVS4000 model.
The vulnerability is reported in:
* Cisco PVC2300 Business Internet Video Camera - Audio/PoE
* Cisco WVC200 Wireless-G PTZ Internet Video Camera - Audio
* Cisco WVC210 Wireless-G PTZ Internet Video Camera - 2-way Audio
* Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio
* Cisco RVS4000 4-port Gigabit Security Router
SOLUTION:
Update to the fixed version (please see the vendor's advisories for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20100421-vsc.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------