Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3507

Опубликовано: 26 авг. 2020
Источник: nvd
CVSS3: 8.8
CVSS2: 8.3
EPSS Низкий

Описание

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:8000p_ip_camera_firmware:1.0.9-1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8000p_ip_camera:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:cisco:8020_ip_camera_firmware:1.0.9-1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8020_ip_camera:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:cisco:8030_ip_camera_firmware:1.0.9-1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8030_ip_camera:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:cisco:8070_ip_camera_firmware:1.0.9-1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8070_ip_camera:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:cisco:8400_ip_camera_firmware:1.0.9-1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8400_ip_camera:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:cisco:8620_ip_camera_firmware:1.0.9-1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8620_ip_camera:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:cisco:8630_ip_camera_firmware:1.0.9-1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8630_ip_camera:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:cisco:8930_speed_dome_ip_camera_firmware:1.0.9-1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8930_speed_dome_ip_camera:-:*:*:*:*:*:*:*

EPSS

Процентиль: 31%
0.00116
Низкий

8.8 High

CVSS3

8.3 High

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

github логотип

GHSA-9f42-v2wp-jpmq

github
больше 3 лет назад

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

fstec логотип

BDU:2020-04131

CVSS3: 8.8
fstec
больше 5 лет назад

Уязвимость реализации протокола Cisco Discovery микропрограммного обеспечения IP-камер Cisco Video Surveillance серии 8000, позволяющая нарушителю выполнить произвольный код или вызвать перезагрузку уязвимой IP-камеры

EPSS

Процентиль: 31%
0.00116
Низкий

8.8 High

CVSS3

8.3 High

CVSS2

Дефекты

CWE-20
CWE-20