Cisco fixed five vulnerabilities rated high where a remote attacker could exploit them to take control of an affected system, according to a report from CISA.

In one vulnerability, there is an issue in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras that could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera.

The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.

Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Schneider Bold

Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This vulnerability affects Cisco Video Surveillance 8000 Series IP Cameras with the Cisco Discovery Protocol enabled when they are running a firmware version earlier than 1.0.7.

The other vulnerabilities and fixes include:

  • IP Phone Remote Code Execution and Denial-of-Service Vulnerability
  • NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
  • IOS XR Software Cisco Discovery Protocol Format String Vulnerability
  • FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial-of-Service Vulnerability
  • Pin It on Pinterest

    Share This