PT-2020-1611 · Cisco · Cisco Video Surveillance 8000 Series IP Cameras

Ben Seri · Published 2020-02-05 · Updated 2020-02-07 · CVE-2020-3110

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Video Surveillance 8000 Series IP Cameras versions prior to 1.0.7

Description

The issue is due to insufficient input validation in the Cisco Discovery Protocol implementation, allowing an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. An attacker could exploit this by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera, potentially leading to remote code execution or a denial of service (DoS) condition. The attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent) to exploit this vulnerability.

Recommendations

For Cisco Video Surveillance 8000 Series IP Cameras versions prior to 1.0.7, update to Firmware Release 1.0.7 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the Cisco Discovery Protocol to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-00789
CVE-2020-3110

Affected Products

Cisco Video Surveillance 8000 Series IP Cameras