Cisco issued a critical security update that fixes a default password vulnerability (CVE-2018-15427) in its Video Surveillance Manager software.
An excerpt from Cisco's description of the vulnerability:
“A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials.”
According to Cisco, “undocumented, default, static user credentials for the root account” are present on impacted systems. A hacker could then exploit the vulnerability by using the default account to log in to an impacted system and execute commands as the root user.
The bug is rated critical and has a CVSS score of 9.8 (10 being the highest).
Check out the Cisco security advisory to review affected versions and steps to update Cisco software.