CVE-2021-1521 — MEDIUM (6.5)

Q: How severe is CVE-2021-1521?

CVE-2021-1521 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-1521?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Video Surveillance 8400 Firmware, Cisco Video Surveillance 8400, Cisco Video Surveillance 8000P Firmware, Cisco Video Surveillance 8000P, Cisco Video Surveillance 8020 Firmware.

Vulnerability Description

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. This vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected IP camera. A successful exploit could allow the attacker to cause the affected IP camera to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Video Surveillance 8400 Firmware	< 1.0.9-11
Cisco	Video Surveillance 8400	-
Cisco	Video Surveillance 8000P Firmware	< 1.0.9-11
Cisco	Video Surveillance 8000P	-
Cisco	Video Surveillance 8020 Firmware	< 1.0.9-11
Cisco	Video Surveillance 8020	-
Cisco	Video Surveillance 8030 Firmware	< 1.0.9-11
Cisco	Video Surveillance 8030	-
Cisco	Video Surveillance 8070 Firmware	< 1.0.9-11
Cisco	Video Surveillance 8070	-
Cisco	Video Surveillance 8620 Firmware	< 1.0.9-11
Cisco	Video Surveillance 8620	-
Cisco	Video Surveillance 8630 Firmware	< 1.0.9-11
Cisco	Video Surveillance 8630	-
Cisco	Video Surveillance 8930 Firmware	< 1.0.9-11
Cisco	Video Surveillance 8930	-

Related Weaknesses (CWE)

CWE-119

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory

FAQ

What is CVE-2021-1521?

CVE-2021-1521 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to r...

How severe is CVE-2021-1521?

CVE-2021-1521 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1521?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Video Surveillance 8400 Firmware, Cisco Video Surveillance 8400, Cisco Video Surveillance 8000P Firmware, Cisco Video Surveillance 8000P, Cisco Video Surveillance 8020 Firmware.