Details of VAR-202010-1031

ID

VAR-202010-1031

CVE

CVE-2020-3543

TITLE

Cisco Video Surveillance 8000 Series IP Cameras Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-61954 // CNNVD: CNNVD-202010-229

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. Attackers can use this vulnerability to illegally access or damage system resources

Trust: 2.16

sources: NVD: CVE-2020-3543 // JVNDB: JVNDB-2020-012237 // CNVD: CNVD-2020-61954

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-61954

AFFECTED PRODUCTS

vendor:	cisco	model:	8930 speed dome ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8630 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8000p ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8020 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8070 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8620 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8400 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8030 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco video surveillance 8000p ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8020 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8030 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8070 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8400 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8620 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8630 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8930 speed dome ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance series ip cameras	scope:	eq	version:	8000	Trust: 0.6

sources: CNVD: CNVD-2020-61954 // JVNDB: JVNDB-2020-012237 // NVD: CVE-2020-3543

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3543
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3543
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-3543
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-61954
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202010-229
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-3543
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-61954
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-3543
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3543
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-61954 // JVNDB: JVNDB-2020-012237 // CNNVD: CNNVD-202010-229 // NVD: CVE-2020-3543 // NVD: CVE-2020-3543

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	CWE-401	Trust: 1.0
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012237 // NVD: CVE-2020-3543

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-229

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202010-229

PATCH

title:	cisco-sa-cdp-memleak-heyebx9	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-memleak-heyebx9	Trust: 0.8
title:	Patch for Cisco Video Surveillance 8000 Series IP Cameras Resource Management Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/239431	Trust: 0.6
title:	Cisco Video Surveillance 8000 Series IP Cameras Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129858	Trust: 0.6

sources: CNVD: CNVD-2020-61954 // JVNDB: JVNDB-2020-012237 // CNNVD: CNNVD-202010-229

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3543	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-012237	Trust: 0.8
db:	CNVD	id:	CNVD-2020-61954	Trust: 0.6
db:	NSFOCUS	id:	50161	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3475	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-229	Trust: 0.6

sources: CNVD: CNVD-2020-61954 // JVNDB: JVNDB-2020-012237 // CNNVD: CNNVD-202010-229 // NVD: CVE-2020-3543

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cdp-memleak-heyebx9	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3543	Trust: 2.0
url:	https://www.auscert.org.au/bulletins/esb-2020.3475/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50161	Trust: 0.6

sources: CNVD: CNVD-2020-61954 // JVNDB: JVNDB-2020-012237 // CNNVD: CNNVD-202010-229 // NVD: CVE-2020-3543

SOURCES

db:	CNVD	id:	CNVD-2020-61954
db:	JVNDB	id:	JVNDB-2020-012237
db:	CNNVD	id:	CNNVD-202010-229
db:	NVD	id:	CVE-2020-3543

LAST UPDATE DATE

2024-11-23T22:37:13.545000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-61954	date:	2020-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-012237	date:	2021-04-27T06:50:00
db:	CNNVD	id:	CNNVD-202010-229	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2020-3543	date:	2024-11-21T05:31:16.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-61954	date:	2020-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-012237	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-229	date:	2020-10-08T00:00:00
db:	NVD	id:	CVE-2020-3543	date:	2020-10-08T05:15:15.070