Vulnerable Systems:
* Cisco RVS4000 4-port Gigabit Security Router
* Cisco Small Business Video Surveillance Cameras:
  * Cisco PVC2300 Business Internet Video Camera - Audio/PoE
  * Cisco WVC200 Wireless-G PTZ Internet Video Camera - Audio
  * Cisco WVC210 Wireless-G PTZ Internet Video Camera - 2-way Audio
  * Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio
Immune Systems:
* Cisco PVC300 Pan Tilt Optical Zoom Camera
* Cisco Small Business cameras are not affected by this vulnerability.
Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-port Gigabit Security Routers contain a vulnerability that could allow an authenticated user to view passwords for other users, regardless of the authenticated user's level of authorization. An unprivileged user could take advantage of this vulnerability to gain full administrative access on the device or view another user's credentials.
The Small Business Video Surveillance Cameras are connected to an IP network and are remotely accessible for both surveillance and device management. An administrator can restrict a user's ability to manage the device, allowing the user to employ the camera for surveillance only.
The Cisco RVS4000 Gigabit Security Router delivers high-speed network access and IPsec VPN capabilities for as many as five users. The Cisco RVS4000 also provides firewall and intrusion prevention capabilities. More information on the Cisco RVS4000 Gigabit Security Router can be found at this link: http://www.cisco.com/en/US/products/ps9928/index.html
A user on the PVC2300 and WVC2300 cameras can use a specially crafted URL to bypass any restrictions that are configured to prevent the device configuration from being viewed. The user could then view the passwords for all users on the device.
A user on the WVC200 and WVC210 cameras must have been granted setup privileges to take advantage of this vulnerability to view the passwords. The ability to configure setup privileges is not available on the other devices affected by this vulnerability.
Administrative users on the RVS4000 router may be able to view the passwords of other administrative users.
Patch Availability:
To determine the software version running on a camera, administrators can click the "About" tab at the top-right of the device user interface. The software version information can be obtained on the System Status page under the "Status" tab.
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
Workaround:
There are no workarounds for the RVS4000 router or the PVC2300 and WVC2300 cameras.
On the WVC200 and WVC210 cameras, make sure that only trusted users are given setup privileges.