Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2009-2046 to a friend New vulnerability? New tool? Tell us	CVE-2009-2046 Cisco Video Surveillance Products Denial of Service     Credit: The information has been provided by Cisco PSIRT. The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20090624-video.shtml Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2009-2046 Details Check for CVE-2009-2046 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Services Platform versions prior to 5.3  * Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Integrated Services Platform versions prior to 5.3  * Cisco Video Surveillance 2500 Series IP Camera firmware versions prior to 2.1 Cisco Video Surveillance Services Platforms and Cisco Video Surveillance Integrated Services Platforms are vulnerable to a DoS condition. An attacker could exploit this vulnerability by sending a crafted packet to UDP port 37000, which could cause the crash of a critical process and result in a system reboot. This vulnerability is documented in Cisco Bug ID CSCsj47924 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-2045. Cisco Video Surveillance 2500 Series IP Cameras contain an information disclosure vulnerability. An authenticated user may be able to access a vulnerable camera and view any file through the embedded web server on TCP ports 80 (HTTP) and/or 443 (HTTPS), depending on the camera configuration. Patch Availability: Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090624-video.shtml Workarounds Although there are no workarounds for these vulnerabilities, it is possible to mitigate the vulnerabilities through the use of network filters. Administrators are advised to restrict access to UDP port 37000 on vulnerable Cisco Video Surveillance Services Platform and Integrated Services Platform systems to trusted hosts. On Cisco Video Surveillance 2500 Series IP Cameras, administrators are advised to restrict access to TCP ports 80 and 443 to trusted hosts. Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090624-video.shtml CVE Information: CVE-2009-2046  Comments on CVE-2009-2046:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®