In the 2011, Cisco subcontractor turned whistleblower, James Glenn, accused Cisco of continue selling a video surveillance technology to federal agencies after knowing that the software was vulnerable to multiple security flaws.
Cisco Video Surveillance Manager (VSM) suite allows customers to manage multiple video cameras at different physical locations through a centralized server, which in turn, can be accessed remotely.
Net Design, the Cisco contractor where Glenn was working at that time, fired him shortly after he reported Cisco’s security violations, which the company officially described as a cost-cutting measure.
In 2010, when Glenn realized that Cisco never fixed those issues neither notified its customers, he informed the U.S. federal agency, who then launched a lawsuit claiming Cisco had defrauded U.S. federal, state and local governments who purchased the product.
Cisco, directly and indirectly, sold its VSM software suit to police departments, schools, courts, municipal offices and airports as we as to many government agencies including the U.S. Department of Homeland Security, the Secret Service, the Navy, the Army, the Air Force, the Marine Corps and the Federal Emergency Management Agency (FEMA).
“Cisco has known of these critical security flaws for at least two and a half years; it has failed to notify the government entities that have purchased and continue to use VSM of the vulnerability,” the lawsuit states.
After the lawsuit was filed, the company acknowledged the vulnerabilities (CVE-2013-3429, CVE-2013-3430, CVE-2013-3431) and released an updated version of its VSM software suit.
In response to the latest settlement, Cisco issued an official statement Wednesday saying it was “pleased to have resolved” the 2011 dispute and that “there was no allegation or evidence that any unauthorized access to customers’ video occurred” as a result of its VSM suit’s architecture.
However, the company added that video feeds could “theoretically have been subject to hacking,” though the lawsuit has not claimed that anyone had exploited the vulnerabilities discovered by Glenn.