Cisco Video Surveillance Manager Appliance Default Password Vulnerability(cisco-sa-20180921-vsm)

critical Nessus Plugin ID 122249


The remote host is affected by a default password vulnerability


According to its self-reported version, the version of Cisco Video Surveillance Manager installed on the remote host is affected by a default password vulnerability. An attacker could exploit this vulnerability to login as the 'root' user and execute arbitrary commands.


Upgrade to Cisco Video Surveillance Manager 7.12 or later. Alternatively customers who do not want to upgrade to 7.12 should contact Cisco TAC for further assistance

See Also

Plugin Details

Severity: Critical

ID: 122249

File Name: cisco-sa-20180921-vsm.nasl

Version: 1.2

Type: remote

Family: CISCO

Published: 2/15/2019

Updated: 10/31/2019

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2018-15427


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:video_surveillance_manager

Required KB Items: installed_sw/Cisco Video Surveillance Management Console

Exploit Ease: No known exploits are available

Patch Publication Date: 9/21/2018

Vulnerability Publication Date: 9/21/2018

Reference Information

CVE: CVE-2018-15427

BID: 105381

CISCO-SA: cisco-sa-20180921-vsm

IAVA: 2019-A-0057