Cisco Video Surveillance Products Multiple Authentication Vulnerabilities

Bugtraq ID:	25549
Class:	Access Validation Error
CVE:	CVE-2007-4747 CVE-2007-4746
Remote:	Yes
Local:	No
Published:	Sep 05 2007 12:00AM
Updated:	Jul 05 2016 10:00PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Cisco Video Surveillance SP/ISP Decoder Software 1.11 Cisco Video Surveillance SP/ISP 1.23.7 Cisco Video Surveillance IP Gateway Encoder/Decoder 1.8.1
Not Vulnerable:	Cisco Video Surveillance SP/ISP Decoder Software 1.16 Cisco Video Surveillance SP/ISP 1.26 Cisco Video Surveillance IP Gateway Encoder/Decoder 1.9.4

Cisco Video Surveillance Products Multiple Authentication Vulnerabilities

Multiple Cisco Video Surveillance products are prone to authentication vulnerabilities.

Attackers can exploit these issues to gain administrative privileges on affected devices.

These issues affect the following firmware versions (and earlier):

Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) 1.8.1
Cisco Video Surveillance SP/ISP Decoder Software 1.11.0
Cisco Video Surveillance SP/ISP 1.23.7

Cisco Video Surveillance Products Multiple Authentication Vulnerabilities

To exploit these issues, an attacker must connect remotely to an affected device. In some cases the attacker must have knowledge of default passwords.

Cisco Video Surveillance Products Multiple Authentication Vulnerabilities

Solution:
The vendor released an advisory and updates to address these issues. Please see the referenced advisory for more information.

Cisco Video Surveillance Products Multiple Authentication Vulnerabilities

References:

• Cisco Homepage (Cisco )
  
• Cisco Security Advisory: Cisco Video Surveillance IP Gateway and Services Platfo (Cisco Systems PSIRT)
  
• Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnera (Cisco)
  
• Cisco Video Surveillance IP Gateways Homepage ()