Main Vulnerability Database Vulnerabilities #VU45897

Memory leak in Cisco Video Surveillance 8000 Series IP Cameras - CVE-2020-3505

Published: August 21, 2020

Vulnerability identifier: #VU45897

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3505

CWE-ID: CWE-401

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco Video Surveillance 8000 Series IP Cameras

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when processing Cisco Discovery Protocol packets. A remote attacker can pass specially crafted traffic to the device and perform denial of service attack.

Remediation

Install updates from vendor's website.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

Video Surveillance 3000 Series IP Cameras
Video Surveillance 4000 Series High-Definition IP Cameras
Video Surveillance 4300E and 4500E High-Definition IP Cameras
Video Surveillance 6000 Series IP Cameras
Video Surveillance 7000 Series IP Cameras
Video Surveillance PTZ IP Cameras

Memory leak in Cisco Video Surveillance 8000 Series IP Cameras - CVE-2020-3505

Description

Remediation

External links

Please verify you're human