Details of VAR-202008-1217

ID

VAR-202008-1217

CVE

CVE-2020-3505

TITLE

Cisco Video Surveillance 8000 series IP Resource depletion vulnerability in camera

Trust: 0.8

sources: JVNDB: JVNDB-2020-010532

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Attackers can use this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2020-3505 // JVNDB: JVNDB-2020-010532 // CNVD: CNVD-2020-48990

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-48990

AFFECTED PRODUCTS

vendor:	cisco	model:	8000p ip camera	scope:	eq	version:	1.0.9-1	Trust: 1.0
vendor:	cisco	model:	8020 ip camera	scope:	eq	version:	1.0.9-1	Trust: 1.0
vendor:	cisco	model:	8070 ip camera	scope:	eq	version:	1.0.9-1	Trust: 1.0
vendor:	cisco	model:	8620 ip camera	scope:	eq	version:	1.0.9-1	Trust: 1.0
vendor:	cisco	model:	8400 ip camera	scope:	eq	version:	1.0.9-1	Trust: 1.0
vendor:	cisco	model:	8030 ip camera	scope:	eq	version:	1.0.9-1	Trust: 1.0
vendor:	cisco	model:	8930 speed dome ip camera	scope:	eq	version:	1.0.9-1	Trust: 1.0
vendor:	cisco	model:	8630 ip camera	scope:	eq	version:	1.0.9-1	Trust: 1.0
vendor:	cisco	model:	video surveillance 8000p ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance 8020 ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance 8030 ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance 8070 ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance 8400 ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance 8620 ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance 8930 speed dome ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance 8630 ip camera	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance series ip cameras	scope:	eq	version:	8000	Trust: 0.6

sources: CNVD: CNVD-2020-48990 // JVNDB: JVNDB-2020-010532 // NVD: CVE-2020-3505

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3505
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3505
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-010532
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-48990
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202008-974
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-3505
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-010532
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-48990
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-3505
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-010532
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-48990 // JVNDB: JVNDB-2020-010532 // CNNVD: CNNVD-202008-974 // NVD: CVE-2020-3505 // NVD: CVE-2020-3505

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.8
problemtype:	CWE-401	Trust: 1.0

sources: JVNDB: JVNDB-2020-010532 // NVD: CVE-2020-3505

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202008-974

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202008-974

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010532

PATCH

title:	cisco-sa-cdp-memleak-k5Z7m55t	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-memleak-k5Z7m55t	Trust: 0.8
title:	Patch for Cisco Video Surveillance 8000 Series IP Cameras memory leak vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/232051	Trust: 0.6
title:	Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126770	Trust: 0.6

sources: CNVD: CNVD-2020-48990 // JVNDB: JVNDB-2020-010532 // CNNVD: CNNVD-202008-974

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3505	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-010532	Trust: 0.8
db:	CNVD	id:	CNVD-2020-48990	Trust: 0.6
db:	NSFOCUS	id:	48667	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-974	Trust: 0.6

sources: CNVD: CNVD-2020-48990 // JVNDB: JVNDB-2020-010532 // CNNVD: CNNVD-202008-974 // NVD: CVE-2020-3505

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cdp-memleak-k5z7m55t	Trust: 2.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3505	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3505	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/48667	Trust: 0.6

sources: CNVD: CNVD-2020-48990 // JVNDB: JVNDB-2020-010532 // CNNVD: CNNVD-202008-974 // NVD: CVE-2020-3505

SOURCES

db:	CNVD	id:	CNVD-2020-48990
db:	JVNDB	id:	JVNDB-2020-010532
db:	CNNVD	id:	CNNVD-202008-974
db:	NVD	id:	CVE-2020-3505

LAST UPDATE DATE

2024-11-23T22:21:03.519000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-48990	date:	2020-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-010532	date:	2021-01-26T09:04:51
db:	CNNVD	id:	CNNVD-202008-974	date:	2021-10-27T00:00:00
db:	NVD	id:	CVE-2020-3505	date:	2024-11-21T05:31:12.597

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-48990	date:	2020-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-010532	date:	2021-01-26T09:04:51
db:	CNNVD	id:	CNNVD-202008-974	date:	2020-08-19T00:00:00
db:	NVD	id:	CVE-2020-3505	date:	2020-08-26T17:15:14.287