Cisco: We’ve killed another critical hard-coded root password bug, patch urgently

Cisco has supplied a patch for its Video Surveillance Manager software to erase hardcoded default credentials for the root account.

Admins responsible for appliances running Cisco’s surveillance software should urgently patch the flaw, which has a Common Vulnerability Scoring System (CVSS) version 3 score of 9.8 out of a possible 10.

The flaw would allow an attacker to control an affected system as root user if they discovered the default credentials.

Read more…
Source: ZDNet