CVE-2013-5535

The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5535	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5535	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:video_surveillance_4000_ip_camera:-:::::::*
	cpe:2.3:h:cisco:video_surveillance_4300e_ip_camera:-:::::::*
	cpe:2.3:h:cisco:video_surveillance_4500e_ip_camera:-:::::::*

History

21 Nov 2024, 01:57

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5535 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5535 - Vendor Advisory

Information

Published : 2013-10-16 10:52

Updated : 2024-11-21 01:57

NVD link : CVE-2013-5535

Mitre link : CVE-2013-5535

CVE.ORG link : CVE-2013-5535

JSON object : View

Products Affected

cisco

video_surveillance_4300e_ip_camera
video_surveillance_4000_ip_camera
video_surveillance_4500e_ip_camera

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2013-5535", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-16T10:52:45.307", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5535", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5535", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419."}, {"lang": "es", "value": "La p\u00e1gina de anal\u00edticas en c\u00e1maras IP Cisco Video Surveillance 4000 tiene credenciales embebidas en el c\u00f3digo, lo que permite a atacantes remotos ver el streaming de video aprovechando el conocimiento de la contrase\u00f1a, tambien conocido como Bug ID SCuj70402 y CSCuj70419."}], "lastModified": "2024-11-21T01:57:39.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:video_surveillance_4000_ip_camera:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7725752F-91EE-4BDA-83A7-3830ED6D0791"}, {"criteria": "cpe:2.3:h:cisco:video_surveillance_4300e_ip_camera:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABE86502-7BBF-43C5-BFF2-0BF4E2D3C0C6"}, {"criteria": "cpe:2.3:h:cisco:video_surveillance_4500e_ip_camera:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0F88241-1468-4C3C-A4AF-513B7FAE85B0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}