CVE-2020-3110
📋 TL;DR
This vulnerability in Cisco Video Surveillance 8000 Series IP Cameras allows an attacker on the same network segment to execute arbitrary code or cause a denial of service by sending malicious Cisco Discovery Protocol packets. It affects devices running firmware versions before 1.0.7. Attackers must be Layer 2 adjacent to the target device.
💻 Affected Systems
- Cisco Video Surveillance 8000 Series IP Cameras
📦 What is this software?
Video Surveillance 8000p Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8000p Ip Camera Firmware →
Video Surveillance 8020 Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8020 Ip Camera Firmware →
Video Surveillance 8030 Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8030 Ip Camera Firmware →
Video Surveillance 8030 Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8030 Ip Camera Firmware →
Video Surveillance 8070 Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8070 Ip Camera Firmware →
Video Surveillance 8400 Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8400 Ip Camera Firmware →
Video Surveillance 8400 Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8400 Ip Camera Firmware →
Video Surveillance 8400 Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8400 Ip Camera Firmware →
Video Surveillance 8620 Ip Camera Firmware by Cisco
View all CVEs affecting Video Surveillance 8620 Ip Camera Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, camera manipulation, network pivoting, and persistent access.
Likely Case
Denial of service causing camera reboot and temporary surveillance interruption.
If Mitigated
Limited to denial of service if network segmentation prevents code execution payloads.
🎯 Exploit Status
Exploit code is publicly available and requires only network access to the same broadcast domain.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware Release 1.0.7 and later
Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos
Restart Required: Yes
Instructions:
1. Download firmware 1.0.7+ from Cisco support portal. 2. Upload firmware to camera via web interface or CLI. 3. Reboot camera to apply update.
🔧 Temporary Workarounds
Disable Cisco Discovery Protocol
allDisable CDP on affected cameras to prevent exploitation.
no cdp enable
Network Segmentation
allIsolate cameras on separate VLANs to limit broadcast domain exposure.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate cameras from untrusted devices
- Deploy network monitoring to detect malicious CDP traffic
🔍 How to Verify
Check if Vulnerable:
Check firmware version via camera web interface or CLI: show versionCheck Version:
show versionVerify Fix Applied:
Confirm firmware version is 1.0.7 or higher and CDP is disabled if using workaround📡 Detection & Monitoring
Log Indicators:
- Unexpected camera reboots
- CDP protocol errors in system logs
Network Indicators:
- Malformed CDP packets on camera network segments
- Unusual CDP traffic patterns
SIEM Query:
source="camera_logs" AND (event="reboot" OR event="cdp_error")🔗 References
- http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos
- http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos
