VDB
CVE-2018-15427
CVE-2018-15427
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
EPSS 7.17% · 91.7th percentile
Risk Scores
CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
7.17%
91.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Video Surveillance Manager | n/a |
| cisco | video_surveillance_manager | 7.11, 7.11.1, 7.10 |
| Cisco | N/A |
Exploit Intelligence
- 105381 (circl)
- 20180921 Cisco Video Surveillance Manager Appliance Default Password Vulnerability (circl)
- 1041733 (circl)
Timeline
- Sep 21, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 13, 2023 EPSS Score