A remote user can obtain potentially sensitive information and modify some configuration settings. A remote user can exploit this to create, modify, and remove camera feeds, archives, logs, and users.
Cisco Video Surveillance Manager 7.1, 7.5
Two vulnerabilities were reported in Cisco Video Surveillance Manager
The vulnerability is due to an access control error that occurred. The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system. When the attacker has full access it can supply a specially crafted URL to access sensitive system files. The attacker can access pages that do not require authentication, including configuration, monitoring pages archives, and system logs.
A remote user can obtain potentially sensitive information.
The vendor has issued a fix (7.0.1)