8.8
CVSSv3

CVE-2020-3110

Published: 05/02/2020 Updated: 07/02/2020
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent malicious user to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the malicious user to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco video_surveillance_8400_ip_camera_firmware

cisco video_surveillance_8030_ip_camera_firmware

cisco video_surveillance_8020_ip_camera_firmware

cisco video_surveillance_8000p_ip_camera_firmware

cisco video_surveillance_8930_speed_dome_ip_camera_firmware

cisco video_surveillance_8630_ip_camera_firmware

cisco video_surveillance_8070_ip_camera_firmware

cisco video_surveillance_8620_ip_camera_firmware

Vendor Advisories

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages An attacker could ...

Recent Articles

Critical Cisco ‘CDPwn’ Flaws Break Network Segmentation
Threatpost • Lindsey O'Donnell • 05 Feb 2020

Cisco is issuing patches for five critical vulnerabilities that have been discovered in Cisco Discovery Protocol (CDP), the info-sharing layer that maps all Cisco equipment on a network.
Researchers at Armis say that the vulnerabilities, which they disclosed on Wednesday and collectively dubbed CDPwn, can allow attackers with an existing foothold in the network to break through network segmentation efforts and remotely take over millions of devices.
CDP is a Cisco proprietary Layer 2...