Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera.
These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.
Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-rce-dos-uPyJYxN3 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-rce-dos-uPyJYxN3”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cisco_video_surveillance_8000_series_ip_cameras | any | cpe:2.3:a:cisco:cisco_video_surveillance_8000_series_ip_cameras:any:*:*:*:*:*:*:* |
cisco | cisco_video_surveillance | 8000_series_ip_cameras | cpe:2.3:a:cisco:cisco_video_surveillance:8000_series_ip_cameras:*:*:*:*:*:*:* |