CVE-2020-3507

HIGH

Cisco Video Surveillance 8000 Series IP Cameras RCE and DoS via Cisco Discovery Protocol

Title source: llm

Description

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-rce-dos-uPyJYxN3

Scores

CVSS v3 8.8

EPSS 0.0012

EPSS Percentile 29.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (8)

cisco/8000p_ip_camera_firmware 1.0.9-1

cisco/8020_ip_camera_firmware 1.0.9-1

cisco/8030_ip_camera_firmware 1.0.9-1

cisco/8070_ip_camera_firmware 1.0.9-1

cisco/8400_ip_camera_firmware 1.0.9-1

cisco/8620_ip_camera_firmware 1.0.9-1

cisco/8630_ip_camera_firmware 1.0.9-1

cisco/8930_speed_dome_ip_camera_firmware 1.0.9-1

Published Aug 26, 2020

Tracked Since Feb 18, 2026