Operating System:

[Cisco]

Published:

08 October 2020


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3475
           Cisco Video Surveillance 8000 Series IP Cameras Cisco
              Discovery Protocol Memory Leak Vulnerabilities
                              8 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Video Surveillance 8000 Series IP Cameras
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3544 CVE-2020-3543 

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-memleak-heyebx9
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx

Comment: This bulletin contains two (2) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory
Leak Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-cdp-memleak-heyebx9

First Published: 2020 October 7 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvv21693

CVE-2020-3543    

CWE-400

Summary

  o A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance
    8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to
    cause a memory leak, which could lead to a denial of service (DoS)
    condition on an affected device.

    The vulnerability is due to incorrect processing of certain Cisco Discovery
    Protocol packets. An attacker could exploit this vulnerability by sending
    certain Cisco Discovery Protocol packets to an affected device. A
    successful exploit could allow the attacker to cause the affected device to
    continuously consume memory, which could cause the device to crash and
    reload, resulting in a DoS condition.

    Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this
    vulnerability, an attacker must be in the same broadcast domain as the
    affected device (Layer 2 adjacent).

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-memleak-heyebx9

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Video
    Surveillance 8000 Series IP Cameras firmware releases earlier than Release
    1.0.9-5.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Video Surveillance 3000 Series IP Cameras
       Video Surveillance 4000 Series High-Definition IP Cameras
       Video Surveillance 4300E High-Definition IP Cameras
       Video Surveillance 4500E High-Definition IP Cameras
       Video Surveillance 6000 Series IP Cameras
       Video Surveillance 7000 Series IP Cameras
       Video Surveillance PTZ IP Cameras

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco Video Surveillance 8000 Series IP Cameras
    firmware releases 1.0.9-5 and later contained the fix for this
    vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Qian Chen of Qihoo 360 Nirvan Team for reporting
    this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-memleak-heyebx9

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-OCT-07  |
    +----------+---------------------------+----------+--------+--------------+

- -------------------------------------------------------------------------------

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote
Code Execution and Denial of Service Vulnerability

Priority:        High

Advisory ID:     cisco-sa-cdp-rcedos-mAHR8vNx

First Published: 2020 October 7 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvv21695

CVE-2020-3544    

CWE-119

Summary

  o A vulnerability in the Cisco Discovery Protocol implementation for Cisco
    Video Surveillance 8000 Series IP Cameras could allow an unauthenticated,
    adjacent attacker to execute arbitrary code on an affected device or cause
    the device to reload.

    This vulnerability is due to missing checks when an IP camera processes a
    Cisco Discovery Protocol packet. An attacker could exploit this
    vulnerability by sending a malicious Cisco Discovery Protocol packet to an
    affected device. A successful exploit could allow the attacker to execute
    code on the affected IP camera or cause it to reload unexpectedly,
    resulting in a denial of service (DoS) condition.

    Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this
    vulnerability, an attacker must be in the same broadcast domain as the
    affected device (Layer 2 adjacent).

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco Video Surveillance 8000 Series IP Cameras
    if they are running a firmware release earlier than Release 1.0.9-5 and
    have the Cisco Discovery Protocol enabled.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Video Surveillance 3000 Series IP Cameras
       Video Surveillance 4000 Series High-Definition IP Cameras
       Video Surveillance 4300E High-Definition IP Cameras
       Video Surveillance 4500E High-Definition IP Cameras
       Video Surveillance 6000 Series IP Cameras
       Video Surveillance 7000 Series IP Cameras
       Video Surveillance PTZ IP Cameras

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in Cisco Video Surveillance 8000 Series IP
    Camera firmware releases 1.0.9-5 and later.

    To download the firmware from the Software Center on Cisco.com, do the
    following:

     1. Click Browse all.
     2. Choose Connected Safety and Security > Video Surveillance IP Cameras >
        Video Surveillance 8000 Series IP Cameras.
     3. Choose the appropriate IP camera model.
     4. Click Video Surveillance 8000 Series IP Camera Firmware.
     5. Choose a release from the left pane of the product page.
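
The exposure conditions stated in the two advisories above can be checked across a camera inventory. The following is an added example, not code from Cisco or AusCERT. It assumes release strings follow the "1.0.9-5" form seen on this page and order numerically per component; the inventory records and field names are constructed for illustration.

```python
import re

# Fixed release named in both advisories on this page.
FIXED_RELEASE = "1.0.9-5"
# Assumption: releases look like "major.minor.patch-build", as on this page.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")

def parse_release(text):
    """Return the release as a tuple of four ints, or None if unparseable."""
    m = _RELEASE_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def triage(camera):
    """Return the CVE IDs one inventory record is exposed to.

    Returns None when the firmware string cannot be parsed, so the device
    is reviewed by hand instead of being silently treated as patched.
    """
    release = parse_release(camera["firmware"])
    if release is None:
        return None
    # Tuple comparison is numeric, so 1.0.10-1 correctly sorts after 1.0.9-5
    # (a plain string comparison would get this wrong).
    if release >= parse_release(FIXED_RELEASE):
        return []
    # CVE-2020-3543: the page lists every release earlier than 1.0.9-5.
    exposed = ["CVE-2020-3543"]
    # CVE-2020-3544: the page adds the condition that CDP is enabled.
    if camera["cdp_enabled"]:
        exposed.append("CVE-2020-3544")
    return exposed

# Constructed inventory: host names, versions and field names are made up.
INVENTORY = [
    {"host": "cam-lobby", "firmware": "1.0.7-3", "cdp_enabled": True},
    {"host": "cam-dock", "firmware": "1.0.9-4", "cdp_enabled": False},
    {"host": "cam-roof", "firmware": "1.0.9-5", "cdp_enabled": True},
    {"host": "cam-gate", "firmware": "1.0.10-1", "cdp_enabled": True},
    {"host": "cam-lab", "firmware": "unknown", "cdp_enabled": True},
]

def report(inventory):
    """Return {host: triage result} for every record."""
    return {cam["host"]: triage(cam) for cam in inventory}

if __name__ == "__main__":
    for host, result in report(INVENTORY).items():
        print(host, "REVIEW" if result is None else (result or "fixed"))
```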

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Qian Chen of Qihoo 360 Nirvan Team for reporting
    this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-OCT-07  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----