AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
-
Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-port Gigabit Security Routers contain a vulnerability that could allow an authenticated user to view passwords for other users, regardless of the authenticated user's level of authorization.
An unprivileged user could take advantage of this vulnerability to gain full administrative access on the device or view another user's credentials.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available on some devices.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100421-vsc.
-
Vulnerable Products
This vulnerability affects the Cisco RVS4000 4-port Gigabit Security Router and all Cisco Small Business Video Surveillance Cameras, except for the Cisco PVC300 Pan Tilt Optical Zoom Camera. These cameras are affected:
- Cisco PVC2300 Business Internet Video Camera - Audio/PoE
- Cisco WVC200 Wireless-G PTZ Internet Video Camera - Audio
- Cisco WVC210 Wireless-G PTZ Internet Video Camera - 2-way Audio
- Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio
Products Confirmed Not Vulnerable
The Cisco PVC300 Pan Tilt Optical Zoom Camera is not affected by this vulnerability.
No other Cisco cameras or products are currently known to be affected by this vulnerability.
-
Cisco Small Business Video Surveillance Cameras are a component of network-based, physical security solutions. More information on the surveillance cameras can be found at this link: http://www.cisco.com/cisco/web/solutions/small_business/products/security/small_business_video_surveillance_cameras/index.html
The Small Business Video Surveillance Cameras are connected to an IP network and are remotely accessible for both surveillance and device management. An administrator can restrict a user's ability to manage the device, allowing the user to employ the camera for surveillance only.
The Cisco RVS4000 Gigabit Security Router delivers high-speed network access and IPsec VPN capabilities for as many as five users. The Cisco RVS4000 also provides firewall and intrusion prevention capabilities. More information on the Cisco RVS4000 Gigabit Security Router can be found at this link: http://www.cisco.com/en/US/products/ps9928/index.html
A user on the PVC2300 and WVC2300 cameras can use a specifically crafted URL to bypass any restrictions that are configured to prevent the device configuration from being viewed. The user could then view the passwords for all users on the device.
A user on the WVC200 and WVC210 cameras must have been granted setup privileges to take advantage of this vulnerability and view the passwords. The ability to configure setup privileges is not available on the other devices affected by this vulnerability.
Administrative users on the RVS4000 router may be able to view the passwords of other administrative users.
This vulnerability is documented in Cisco bug ID CSCte64726 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0593.
-
There are no workarounds for the RVS4000 router or for the PVC2300 and WVC2300 cameras.
On the WVC200 and WVC210 cameras, make sure that only trusted users are given setup privileges.
-
To determine the software version running on a camera, administrators can click the "About" tab at the top-right of the device user interface. The software version information can be obtained on the System Status page under the "Status" tab.
The latest camera software can be downloaded at https://sec.cloudapps.cisco.com/support/downloads/go/Redirect.x?mdfid=282414029 (registered customers only).
The software version of the RVS4000 is displayed on the main router page displayed after users log in.
The latest RVS4000 software can be downloaded at https://sec.cloudapps.cisco.com/support/downloads/pub/Redirect.x?mdfid=282413304 (registered customers only).
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Small Business Support Center or your contracted maintenance provider for assistance.
Product     First Fixed Version
PVC2300     1.1.2.6
WVC200      1.2.2.0
WVC210      1.1.0.15
WVC2300     1.1.2.6
RVS4000     1.3.2.0
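The table above is all an administrator needs to decide whether a device still carries CVE-2010-0593, but the comparison has to be done on numeric components: as strings, "1.1.0.9" sorts after "1.1.0.15", which would wrongly mark an unpatched WVC210 as fixed. The script below is an added example, not Cisco's own tooling; it copies the first-fixed versions from the table, treats the PVC300 as not affected per the advisory, and runs over a constructed sample inventory (hostnames, models and running versions are invented for illustration).

```python
"""Triage an inventory of Cisco Small Business cameras and RVS4000 routers
against the first fixed versions published for CVE-2010-0593 (CSCte64726).

Added example, not Cisco's code. The version table is copied from the
advisory; the inventory below is constructed sample input.
"""
from typing import Dict, List, Tuple

# First fixed version per product, as published in the advisory (revision 1.1).
FIRST_FIXED: Dict[str, str] = {
    "PVC2300": "1.1.2.6",
    "WVC200": "1.2.2.0",
    "WVC210": "1.1.0.15",
    "WVC2300": "1.1.2.6",
    "RVS4000": "1.3.2.0",
}

# Products the advisory explicitly confirms as not vulnerable.
NOT_AFFECTED = {"PVC300"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted release string such as '1.1.0.15' into a tuple of ints.

    Tuples of ints compare component by component, so 1.1.0.9 < 1.1.0.15,
    which plain string comparison gets backwards.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_fixed(product: str, running: str) -> bool:
    """True if `running` is at or above the first fixed release for `product`.

    Raises KeyError for models the advisory does not list, so an unknown
    device is never silently reported as safe.
    """
    return parse_version(running) >= parse_version(FIRST_FIXED[product.upper()])


def status_for(product: str, running: str) -> str:
    """Classify one device as 'fixed', 'VULNERABLE', 'not affected',
    'unknown product' or 'malformed version'."""
    key = product.upper()
    if key in NOT_AFFECTED:
        return "not affected"
    if key not in FIRST_FIXED:
        return "unknown product"
    try:
        return "fixed" if is_fixed(key, running) else "VULNERABLE"
    except ValueError:
        return "malformed version"


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, status) for each (hostname, model, version) entry."""
    return [(host, status_for(model, version)) for host, model, version in inventory]


# Constructed sample inventory: (hostname, model, running version).
SAMPLE_INVENTORY = [
    ("cam-lobby", "WVC210", "1.1.0.9"),     # below 1.1.0.15: still vulnerable
    ("cam-dock", "WVC210", "1.1.0.15"),     # exactly the first fixed release
    ("cam-yard", "PVC2300", "1.1.2.6"),     # first fixed release
    ("cam-ptz", "PVC300", "1.0.0.0"),       # model not affected per advisory
    ("edge-rtr", "RVS4000", "1.3.1.0"),     # below 1.3.2.0: still vulnerable
    ("cam-misc", "MODEL-X", "1.0.0"),       # hypothetical model, not in advisory
    ("cam-bad", "WVC200", "1.2.x"),         # unparsable version string
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {status}")
```

Anything reported as VULNERABLE or unknown product deserves a manual check against the download pages listed below rather than being assumed safe; the script deliberately refuses to classify a model it has no fixed version for.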
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
Cisco would like to thank Eljakim Schrijvers of Eljakim Information Technology bv, for reporting this vulnerability to us and for working with us on the disclosure.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.1, 2010-May-17: Updated First Fixed Version in the software table for WVC200 and WVC210. Also added content to "Exploitation and Public Announcements" section.
Revision 1.0, 2010-April-21: Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.