SB2020082107 - Multiple vulnerabilities in Cisco Video Surveillance 8000 Series IP Cameras firmware
Published: August 21, 2020
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2020-3506)
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to insufficient validation of Cisco Discovery Protocol packets. A remote attacker on the local network can send specially crafted traffic to the device and execute arbitrary code on the system.
2) Input validation error (CVE-ID: CVE-2020-3507)
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to insufficient validation of Cisco Discovery Protocol packets. A remote attacker on the local network can send specially crafted traffic to the device and execute arbitrary code on the system.
3) Memory leak (CVE-ID: CVE-2020-3505)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a memory leak when processing Cisco Discovery Protocol packets. A remote attacker can pass specially crafted traffic to the device and perform a denial of service attack.
Remediation
Install the update from the vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-rce-dos-uPyJYxN3
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu82728
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu82729
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-memleak-k5Z7m55t
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu82727