Vulnerability affecting the Media Gateway role of Security Center

A high-severity vulnerability that can lead to the disclosure of video data has been discovered in the Genetec Security Center product line. The vulnerability was disclosed privately by a third-party organization hired by Genetec to conduct penetration tests on Security Center. There is currently no evidence of this vulnerability being exploited to attack Security Center systems.

Risk assessment

This vulnerability affects the Media Gateway role in its default configuration and can be used to access video data in an unauthorized fashion via the RTSP protocol. An attacker can leverage this vulnerability to retrieve any video data stored in the system or currently being streamed by a camera. The CVSS v3.0 base score for this vulnerability is 7.5 (High).

Details

The Media Gateway role is automatically created when the Web Client Server role is created; it can also be created manually. Upon creation, a default user is set up without a password, and this user has access to all cameras. An attacker can authenticate as this passwordless user to access the video feeds. Systems on which the Media Gateway role has not been created, or on which the role is deactivated, are unaffected by this vulnerability.

This vulnerability affects Security Center 5.6 and some 5.7 versions. Security Center 5.8 and all of the cloud services managed by Genetec are not affected by this vulnerability. See the table below for more details.

Recommendation

Genetec recommends updating to Security Center 5.8 or Security Center 5.7 SR6 to correct the vulnerability.

Alternatively, since the vulnerability is introduced by a configuration issue, it is also possible to correct it by setting a strong password for this user in the properties page of the Media Gateway role. No changes are required in the Web Client Server role after this configuration change.

For more details, see KBA-78996, which explains how to modify the authorized user list of the Media Gateway role.

Workarounds

If the security patches or the configuration changes can’t be applied in a timely fashion, it is possible to block the Media Gateway listening port at the enterprise perimeter firewall. The default port is 654.
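One way to confirm, from the defender's side, that the perimeter block is actually in place: sweep perimeter firewall logs for inbound TCP connections to the Media Gateway port from sources outside the internal ranges. This is an added example and not part of the Genetec advisory; the key=value log format and the RFC 1918 internal ranges are assumptions, and the sample lines are constructed.

```python
"""Flag inbound connections to the Media Gateway listening port (TCP 654) from external sources.

Added example for this advisory, not Genetec code. The key=value log format is an
assumption modelled on common perimeter-firewall exports; adapt parse_line() to your own.
"""
import ipaddress
import re

RTSP_PORT = 654  # Media Gateway default listening port, per the advisory

# Assumption: only RFC 1918 address space is allowed to reach the Media Gateway.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return the key=value fields of one log line as a dict (empty if none)."""
    return dict(KV_RE.findall(line))


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_external_rtsp(lines):
    """Return (src, dst, action) for every TCP/654 connection from a non-internal source.

    Both allowed and denied hits are returned: an 'allow' means the port is still
    exposed; a 'deny' shows the block is working but the port is being probed.
    """
    hits = []
    for line in lines:
        f = parse_line(line)
        try:
            if f.get("proto", "").lower() != "tcp" or int(f.get("dpt", -1)) != RTSP_PORT:
                continue
            if not is_internal(f["src"]):
                hits.append((f["src"], f["dst"], f.get("action", "?")))
        except (KeyError, ValueError):
            continue  # malformed line: skip it rather than abort the sweep
    return hits


# Constructed sample lines (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOGS = [
    "ts=2019-03-01T10:00:01Z action=allow proto=TCP src=203.0.113.7 dst=192.168.10.5 dpt=654",
    "ts=2019-03-01T10:00:02Z action=allow proto=TCP src=192.168.20.14 dst=192.168.10.5 dpt=654",
    "ts=2019-03-01T10:00:03Z action=deny proto=TCP src=198.51.100.9 dst=192.168.10.5 dpt=654",
    "ts=2019-03-01T10:00:04Z action=allow proto=UDP src=203.0.113.7 dst=192.168.10.5 dpt=654",
    "not a firewall line",
]

if __name__ == "__main__":
    for src, dst, action in find_external_rtsp(SAMPLE_LOGS):
        print(f"{action.upper():5} {src} -> {dst}:{RTSP_PORT}")
```

Any "allow" line in the output means the Media Gateway port is still reachable from outside and the workaround has not taken effect.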

Affected products

Security Center 5.8
  Affected? No
  Details: The RTSP interface of the Media Gateway role is disabled by default.

Security Center 5.7 SR6
  Affected? No
  Details: On upgrade, the default user without a password is deleted if it exists. On fresh install, no default user is created.

Security Center 5.7 GA to SR5
  Affected? Yes, if the Media Gateway role is enabled with the default configuration.
  Details: Please update to 5.7 SR6 or 5.8, or set a strong password for the default user.

Security Center 5.6
  Affected? Yes, if the Media Gateway role is enabled with the default configuration.
  Details: Please update to 5.7 SR6 or 5.8, or set a strong password for the default user.

Security Center 5.5
  Affected? Yes, if the Media Gateway role is created manually and used with the default configuration.
  Details: The Web Client does not use the Media Gateway role.

Security Center 5.4
  Affected? No
  Details: The Media Gateway role does not exist.

Security Center 5.3
  Affected? No
  Details: The Media Gateway role does not exist.

Security Center 5.2
  Affected? No
  Details: The Media Gateway role does not exist.

Security Center SaaS Edition
  Affected? No
  Details: N/A

For more information or assistance please log in to the Genetec Technical Assistance Portal (GTAP) to open a ticket.