
Category:   Application (Generic)  >   Cisco Video Surveillance Software
Vendors:   Cisco
Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1028827
SecurityTracker URL:
CVE Reference:   CVE-2013-3429, CVE-2013-3430, CVE-2013-3431
Date:  Jul 24 2013
Impact:   Disclosure of system information, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   Two vulnerabilities were reported in Cisco Video Surveillance Manager. A remote user can obtain potentially sensitive information and modify some configuration settings.

A remote user can supply a specially crafted URL to access sensitive system files [CVE-2013-3429]. The vendor has assigned bug ID CSCsv37163 to this vulnerability.

A remote user can access pages that do not require authentication, including configuration, monitoring pages, archives, and system logs [CVE-2013-3430, CVE-2013-3431]. A remote user can exploit this to create, modify, and remove camera feeds, archives, logs, and users. The vendor has assigned bug IDs CSCsv37288 and CSCsv40169 to this vulnerability.

Basem Saleh reported these vulnerabilities.

Impact:   A remote user can obtain potentially sensitive information.

A remote user can create, modify, and remove camera feeds, archives, logs, and users.

Solution:   The vendor has issued a fix (7.0.1).

The vendor's advisory is available at:

Vendor URL:
Cause:   Access control error

Message History:   None.

 Source Message Contents

Date:  Wed, 24 Jul 2013 12:05:37 -0400
Subject:  [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Video Surveillance Manager


Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Video Surveillance Manager

Advisory ID: cisco-sa-20130724-vsm

Revision 1.0

For Public Release 2013 July 24 16:00  UTC (GMT)



The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.

More information on Cisco VSM can be found at

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link:

