CVE-2020-3110:Cisco Video Surveillance 8000 Series IP Cameras contain a vulnerability in the Cisco Discovery Protocol implementation that allows adjacent attackers to execute remote code or cause denial of service.

splash
Back

Description Preview

CVE-2020-3110 affects Cisco Video Surveillance 8000 Series IP Cameras. The vulnerability exists in the Cisco Discovery Protocol implementation, which lacks proper checks when processing CDP messages. An unauthenticated, adjacent attacker can send malicious Cisco Discovery Protocol packets to a targeted IP camera, potentially leading to remote code execution or causing the device to reload unexpectedly, resulting in a denial of service condition. Since Cisco Discovery Protocol is a Layer 2 protocol, attackers must be in the same broadcast domain as the affected device to exploit this vulnerability.

Overview

This vulnerability (CVE-2020-3110) is part of a series of Cisco Discovery Protocol vulnerabilities known as "CDPwn." The issue stems from improper validation of CDP packets in Cisco Video Surveillance 8000 Series IP Cameras. When the device processes specially crafted CDP packets, an attacker can trigger a buffer overflow condition, potentially allowing arbitrary code execution with the privileges of the CDP process. Alternatively, the malformed packets can cause the device to crash and reload. Since CDP is enabled by default on most Cisco devices and processes packets before authentication, this presents a significant security risk in environments where physical or Layer 2 network access is possible.

Remediation

To address this vulnerability, organizations should:

  1. Update affected Cisco Video Surveillance 8000 Series IP Cameras to Firmware Release 1.0.7 or later, which contains fixes for this vulnerability.

  2. If immediate patching is not possible, consider these temporary mitigations:

    • Disable Cisco Discovery Protocol on interfaces where it is not required
    • Implement network segmentation to limit Layer 2 access to vulnerable devices
    • Monitor for suspicious network activity targeting CDP services

  3. Ensure physical security of network infrastructure to prevent unauthorized access to network segments containing vulnerable devices.

  4. Review network configurations to identify all potentially affected devices and prioritize their updates based on exposure risk.

References

  1. Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos
  2. Packet Storm Security - Cisco Discovery Protocol CDP Remote Device Takeover: http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
  3. MITRE CWE-20: Improper Input Validation - https://cwe.mitre.org/data/definitions/20.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
    Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  5. Construction: Low
    Construction
  6. Educational Services: Low
    Educational Services
  7. Finance and Insurance: Low
    Finance and Insurance
  8. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  9. Information: Low
    Information
  10. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  11. Manufacturing: Low
    Manufacturing
  12. Mining: Low
    Mining
  13. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  15. Public Administration: Low
    Public Administration
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Retail Trade: Low
    Retail Trade
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background