CVE-2018-15427
published 2018-10-05


Priority: P2 71 · Severity: critical · CVSS 3.0 base score: 9.8
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.83% (93.2nd percentile)
A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Affected

5 ranges (version range and fixed-in columns are empty on this page)

Vendor  Product                                               Version range  Fixed in
cisco   cisco_video_surveillance_manager                      (not given)    (not given)
cisco   video_surveillance_manager                            (not given)    (not given)
cisco   video_surveillance_manager                            (not given)    (not given)
cisco   video_surveillance_manager                            (not given)    (not given)
cisco   video_surveillance_manager_appliance_default_password (not given)    (not given)

Detection & IOCs (extracted from sources)

  • Detect login attempts using the default static root account credentials on Cisco VSM appliances running on Cisco Connected Safety and Security UCS platforms
  • Monitor for unauthenticated remote root logins on Cisco VSM UCS appliances; the vulnerability involves undocumented, default, static credentials for the root account
  • The vulnerability only affects Cisco VSM Software running on certain Cisco Connected Safety and Security UCS platforms, not all VSM deployments
  • There are no workarounds available; patching via Cisco software updates is the only remediation
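The two detection bullets above amount to one rule: any successful login to the root account on an affected appliance is suspect, because that account's credentials are static and undocumented, and failed root attempts are a sign that someone is testing for them. The script below is an added example written for this page, not Cisco's code or a published detection rule. It assumes (this is not stated in the advisory) that the appliance's underlying Linux host writes OpenSSH-style auth.log lines, and the management network 10.0.0.0/8 used to classify a source as "remote" is a hypothetical value; the log lines are constructed samples.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth.log format (assumption: the VSM
# appliance's Linux host logs SSH logins this way; not stated in the advisory).
SAMPLE_LOG = """\
Oct  5 10:12:01 vsm-ucs sshd[2201]: Accepted password for root from 203.0.113.7 port 51022 ssh2
Oct  5 10:12:05 vsm-ucs sshd[2201]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct  5 10:13:44 vsm-ucs sshd[2290]: Failed password for root from 203.0.113.7 port 51040 ssh2
Oct  5 10:15:10 vsm-ucs sshd[2311]: Accepted publickey for vsmadmin from 10.0.0.5 port 40012 ssh2
Oct  5 10:20:33 vsm-ucs sshd[2399]: Accepted password for root from 10.0.0.5 port 40100 ssh2
"""

# Matches sshd authentication results only; session-open and other lines are skipped.
SSH_AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

# Hypothetical management network; any other source is treated as remote.
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_ssh_auth(text):
    """Return one dict (result, method, user, src, port) per sshd auth result line."""
    return [m.groupdict() for m in map(SSH_AUTH_RE.search, text.splitlines()) if m]


def is_remote(src, mgmt_nets=MGMT_NETS):
    """True when the source address lies outside every management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True  # hostname or garbage: cannot prove it is local, so treat as remote
    return not any(addr in net for net in mgmt_nets)


def root_login_alerts(events, mgmt_nets=MGMT_NETS):
    """Every successful root login is an alert: the root account on affected
    appliances has static, undocumented credentials, so any use of it needs review.
    Logins from outside the management network are rated high, the rest medium."""
    alerts = []
    for ev in events:
        if ev["result"] == "Accepted" and ev["user"] == "root":
            severity = "high" if is_remote(ev["src"], mgmt_nets) else "medium"
            alerts.append({"src": ev["src"], "method": ev["method"], "severity": severity})
    return alerts


def failed_root_by_source(events):
    """Failed root attempts per source: credential testing against the static account."""
    return Counter(
        ev["src"] for ev in events if ev["result"] == "Failed" and ev["user"] == "root"
    )


if __name__ == "__main__":
    events = parse_ssh_auth(SAMPLE_LOG)
    for alert in root_login_alerts(events):
        print("root login:", alert)
    print("failed root attempts:", dict(failed_root_by_source(events)))
```

On a real deployment the same rule belongs in the SIEM that receives the appliance's syslog, and because the advisory offers no workaround, the alert should be paired with a check that the appliance is running a fixed release; a root login that arrives before the patch is applied has to be treated as a compromise, not a misconfiguration.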

CVSS provenance

Source        CVSS version  Score  Severity  Vector
nvd           3.0           9.8    CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd           2.0           10.0   CRITICAL  AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco  (not given)   9.8    CRITICAL  (not given)