Details of VAR-201310-0518

ID

VAR-201310-0518

CVE

CVE-2013-5535

TITLE

Cisco Video Surveillance 4000 IP Vulnerability to view video feed on camera analysis page

Trust: 0.8

sources: JVNDB: JVNDB-2013-004727

DESCRIPTION

The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419. Vendors have confirmed this vulnerability Bug ID CSCuj70402 and CSCuj70419 It is released as.By using password information, a third party may be able to view the video feed. This vulnerability stems from the existence of an undisclosed user account that uses a hard-coded password. Attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the device. This issue is being tracked by Cisco Bug ID CSCuj70402 and CSCuj70419

Trust: 2.52

sources: NVD: CVE-2013-5535 // JVNDB: JVNDB-2013-004727 // CNVD: CNVD-2013-13795 // BID: 63013 // VULHUB: VHN-65537

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13795

AFFECTED PRODUCTS

vendor:	cisco	model:	video surveillance 4500e ip camera	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	video surveillance 4300e ip camera	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	video surveillance 4000 ip camera	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	video surveillance 4000 series ip camera	scope:	lte	version:	3.2.2	Trust: 0.8
vendor:	cisco	model:	video surveillance 4300e ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance 4500e ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance series ip camera	scope:	eq	version:	4000	Trust: 0.6

sources: CNVD: CNVD-2013-13795 // JVNDB: JVNDB-2013-004727 // CNNVD: CNNVD-201310-318 // NVD: CVE-2013-5535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5535
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5535
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-13795
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-318
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65537
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5535
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13795
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65537
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13795 // VULHUB: VHN-65537 // JVNDB: JVNDB-2013-004727 // CNNVD: CNNVD-201310-318 // NVD: CVE-2013-5535

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-65537 // JVNDB: JVNDB-2013-004727 // NVD: CVE-2013-5535

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-318

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201310-318

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004727

PATCH

title:	Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5535	Trust: 0.8
title:	31256	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31256	Trust: 0.8
title:	Cisco Video Surveillance 4000 Series IP Camera Hardcoded Password Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/40281	Trust: 0.6

sources: CNVD: CNVD-2013-13795 // JVNDB: JVNDB-2013-004727

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5535	Trust: 3.4
db:	BID	id:	63013	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004727	Trust: 0.8
db:	CNVD	id:	CNVD-2013-13795	Trust: 0.6
db:	CISCO	id:	20131014 CISCO VIDEO SURVEILLANCE 4000 SERIES IP CAMERA DEFAULT CREDENTIAL VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-201310-318	Trust: 0.6
db:	VULHUB	id:	VHN-65537	Trust: 0.1

sources: CNVD: CNVD-2013-13795 // VULHUB: VHN-65537 // BID: 63013 // JVNDB: JVNDB-2013-004727 // CNNVD: CNNVD-201310-318 // NVD: CVE-2013-5535

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5535	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5535	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5535	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2013-13795 // VULHUB: VHN-65537 // BID: 63013 // JVNDB: JVNDB-2013-004727 // CNNVD: CNNVD-201310-318 // NVD: CVE-2013-5535

CREDITS

Cisco

Trust: 0.3

sources: BID: 63013

SOURCES

db:	CNVD	id:	CNVD-2013-13795
db:	VULHUB	id:	VHN-65537
db:	BID	id:	63013
db:	JVNDB	id:	JVNDB-2013-004727
db:	CNNVD	id:	CNNVD-201310-318
db:	NVD	id:	CVE-2013-5535

LAST UPDATE DATE

2025-04-11T23:18:53.227000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13795	date:	2013-10-18T00:00:00
db:	VULHUB	id:	VHN-65537	date:	2013-10-17T00:00:00
db:	BID	id:	63013	date:	2013-10-17T01:05:00
db:	JVNDB	id:	JVNDB-2013-004727	date:	2013-10-18T00:00:00
db:	CNNVD	id:	CNNVD-201310-318	date:	2013-10-17T00:00:00
db:	NVD	id:	CVE-2013-5535	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13795	date:	2013-10-18T00:00:00
db:	VULHUB	id:	VHN-65537	date:	2013-10-16T00:00:00
db:	BID	id:	63013	date:	2013-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2013-004727	date:	2013-10-18T00:00:00
db:	CNNVD	id:	CNNVD-201310-318	date:	2013-10-17T00:00:00
db:	NVD	id:	CVE-2013-5535	date:	2013-10-16T10:52:45.307