vendor:
Video Surveillance Operations Manager
by:
SecurityFocus
7,5
CVSS
HIGH
Multiple local file-include vulnerabilities, security-bypass vulnerability, multiple cross-site scripting vulnerabilities
94, 264, 79
CWE
Product Name: Video Surveillance Operations Manager
Affected Version From: 6.3.2
Affected Version To: 6.3.2
Patch Exists: YES
Related CWE: N/A
CPE: a:cisco:video_surveillance_operations_manager
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
Cisco Video Surveillance Operations Manager Multiple Vulnerabilities
Cisco Video Surveillance Operations Manager is prone to multiple security vulnerabilities, including multiple local file-include vulnerabilities, a security-bypass vulnerability, and multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to bypass certain security restrictions to perform unauthorized actions, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the affected application. Cisco Video Surveillance Operations Manager 6.3.2 is vulnerable; other versions may also be affected.
Mitigation:
Users should apply the appropriate updates to help mitigate the risk of exploitation.
