1. Home
  2. CVE Database
  3. CVE-2020-3507
HIGH · 8.8

CVE-2020-3507

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely o...

Vulnerability Description

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Cisco8000P Ip Camera Firmware1.0.9-1
Cisco8000P Ip Camera-
Cisco8020 Ip Camera Firmware1.0.9-1
Cisco8020 Ip Camera-
Cisco8030 Ip Camera Firmware1.0.9-1
Cisco8030 Ip Camera-
Cisco8070 Ip Camera Firmware1.0.9-1
Cisco8070 Ip Camera-
Cisco8400 Ip Camera Firmware1.0.9-1
Cisco8400 Ip Camera-
Cisco8620 Ip Camera Firmware1.0.9-1
Cisco8620 Ip Camera-
Cisco8630 Ip Camera Firmware1.0.9-1
Cisco8630 Ip Camera-
Cisco8930 Speed Dome Ip Camera Firmware1.0.9-1
Cisco8930 Speed Dome Ip Camera-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2020-3507?

CVE-2020-3507 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely o...

How severe is CVE-2020-3507?

CVE-2020-3507 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3507?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco 8000P Ip Camera Firmware, Cisco 8000P Ip Camera, Cisco 8020 Ip Camera Firmware, Cisco 8020 Ip Camera, Cisco 8030 Ip Camera Firmware.