Details of VAR-202010-1032

ID

VAR-202010-1032

CVE

CVE-2020-3544

TITLE

plural Cisco Video Surveillance 8000 series IP Buffer error vulnerability in camera

Trust: 0.8

sources: JVNDB: JVNDB-2020-012238

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload. This vulnerability is due to missing checks when an IP camera processes a Cisco Discovery Protocol packet. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). plural Cisco Video Surveillance 8000 series IP A buffer error vulnerability exists in the camera.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-3544 // JVNDB: JVNDB-2020-012238 // VULMON: CVE-2020-3544

IOT TAXONOMY

category:

['camera device']

sub_category:

IP camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	cisco	model:	8930 speed dome ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8630 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8000p ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8020 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8070 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8620 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8400 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	cisco	model:	8030 ip camera	scope:	eq	version:	1.0.9-4	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco video surveillance 8000p ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8020 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8030 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8070 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8400 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8620 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8630 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8930 speed dome ip カメラ	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012238 // NVD: CVE-2020-3544

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3544
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3544
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3544
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-239
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-3544
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3544
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-3544
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3544
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-3544 // JVNDB: JVNDB-2020-012238 // CNNVD: CNNVD-202010-239 // NVD: CVE-2020-3544 // NVD: CVE-2020-3544

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012238 // NVD: CVE-2020-3544

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-239

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-239

PATCH

title:	cisco-sa-cdp-rcedos-mAHR8vNx	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx	Trust: 0.8
title:	Cisco Video Surveillance 8000 Series IP Cameras Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131106	Trust: 0.6
title:	Cisco: Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cdp-rcedos-mAHR8vNx	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-webex-security-camera-flaws/159969/	Trust: 0.1

sources: VULMON: CVE-2020-3544 // JVNDB: JVNDB-2020-012238 // CNNVD: CNNVD-202010-239

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3544	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012238	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3475	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-239	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-3544	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-3544 // JVNDB: JVNDB-2020-012238 // CNNVD: CNNVD-202010-239 // NVD: CVE-2020-3544

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cdp-rcedos-mahr8vnx	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3544	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3475/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189494	Trust: 0.1
url:	https://threatpost.com/cisco-webex-security-camera-flaws/159969/	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-3544 // JVNDB: JVNDB-2020-012238 // CNNVD: CNNVD-202010-239 // NVD: CVE-2020-3544

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2020-3544
db:	JVNDB	id:	JVNDB-2020-012238
db:	CNNVD	id:	CNNVD-202010-239
db:	NVD	id:	CVE-2020-3544

LAST UPDATE DATE

2025-01-30T20:51:27.268000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-3544	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012238	date:	2021-04-27T06:50:00
db:	CNNVD	id:	CNNVD-202010-239	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-3544	date:	2024-11-21T05:31:16.967

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-3544	date:	2020-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-012238	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-239	date:	2020-10-08T00:00:00
db:	NVD	id:	CVE-2020-3544	date:	2020-10-08T05:15:15.163