---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Cisco Small Business Video Surveillance and Security Routers Security Bypass SECUNIA ADVISORY ID: SA39510 VERIFY ADVISORY: http://secunia.com/advisories/39510/ DESCRIPTION: A vulnerability has been reported in Cisco Small Business Video Surveillance Cameras and Security Routers, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability exists in the handling of requests to the web-based management interface, which can be exploited to view the device's configuration data (e.g. user passwords) via a specially crafted URL. Successful exploitation requires "setup" privileges on the WVC200 and WVC210 models and administrative privileges on the RVS4000 model. The vulnerability is reported in: * Cisco PVC2300 Business Internet Video Camera - Audio/PoE * Cisco WVC200 Wireless-G PTZ Internet Video Camera - Audio * Cisco WVC210 Wireless-G PTZ Internet Video Camera - 2-way Audio * Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio * Cisco RVS4000 4-port Gigabit Security Router SOLUTION: Update to the fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100421-vsc.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------