Credit:
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20100421-vsc.shtml
Vulnerable Systems:
* Cisco RVS4000 4-port Gigabit Security Router
* Cisco Small Business Video Surveillance Cameras:
  * Cisco PVC2300 Business Internet Video Camera - Audio/PoE
  * Cisco WVC200 Wireless-G PTZ Internet Video Camera - Audio
  * Cisco WVC210 Wireless-G PTZ Internet Video Camera - 2-way Audio
  * Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio
Immune Systems:
* Cisco PVC300 Pan Tilt Optical Zoom Camera
* Cisco Small Business cameras are not affected by this vulnerability.
Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-port Gigabit Security Routers contain a vulnerability that could allow an authenticated user to view passwords for other users, regardless of the authenticated user's level of authorization. An unprivileged user could take advantage of this vulnerability to gain full administrative access on the device or view another user's credentials.
Cisco Small Business Video Surveillance Cameras are a component of network-based, physical security solutions. More information on the surveillance cameras can be found at this link: http://www.cisco.com/cisco/web/solutions/small_business/products/security/small_business_video_surveillance_cameras/index.html
The Small Business Video Surveillance Cameras are connected to an IP network and are remotely accessible for both surveillance and device management. An administrator can restrict a user's ability to manage the device, allowing the user to employ the camera for surveillance only.
The Cisco RVS4000 Gigabit Security Router delivers high-speed network access and IPsec VPN capabilities for as many as five users. The Cisco RVS4000 also provides firewall and intrusion prevention capabilities. More information on the Cisco RVS4000 Gigabit Security Router can be found at this link: http://www.cisco.com/en/US/products/ps9928/index.html
A user on the PVC2300 and WVC2300 cameras can use a specially crafted URL to bypass any restrictions that are configured to prevent the device configuration from being viewed. The user could then view the passwords for all users on the device.
A user on the WVC200 and WVC210 camera must have been granted setup privileges to take advantage of this vulnerability to view the passwords. The ability to configure setup privileges is not available on the other devices affected by this vulnerability.
Administrative users on the RVS4000 router may be able to view the passwords of other administrative users.
Patch Availability:
To determine the software version running on a camera, administrators can click the "About" tab at the top-right of the device user interface. The software version information can be obtained on the System Status page under the "Status" tab.
The latest camera software can be downloaded at http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=282414029 (registered customers only).
The software version of the RVS4000 is shown on the main router page that appears after users log in.
The latest RVS4000 software can be downloaded at http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=282413304 (registered customers only).
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
Workaround:
There are no workarounds for the RVS4000 router or the PVC2300 and WVC2300 cameras.
On the WVC200 and WVC210 cameras, make sure that only trusted users are given setup privileges.
CVE Information:
CVE-2010-0593
Disclosure Timeline:
2010-April-21: Initial public release.