CVE intelligence and bounded remediation
CVE-2020-3110 — Cisco Video Surveillance 8400 Ip Camera Firmware security vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later.
- Severity
- High
- CVSS
- 8.8 (3.1)
- Published
- 2020-02-05
- CISA KEV
- Not currently listed
- Ecosystem
- operating-system
- Weaknesses
- CWE-20
Affected products
- cisco / video_surveillance_8400_ip_camera_firmware
- cisco / video_surveillance_8030_ip_camera_firmware
- cisco / video_surveillance_8020_ip_camera_firmware
- cisco / video_surveillance_8000p_ip_camera_firmware
- cisco / video_surveillance_8930_speed_dome_ip_camera_firmware
- cisco / video_surveillance_8630_ip_camera_firmware
Matched remediation archetype
Command, code, expression, and template injection
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Trace untrusted values to process execution, interpreters, evaluators, template engines, dynamic imports, and administrative scripting features.
- Determine whether the affected path is reachable across each trust boundary and which service account or host privilege it inherits.
- Review configuration for optional execution features, unsafe compatibility modes, and shell invocation.
Remediate safely
- Replace string-built commands or evaluated code with fixed operations and structured argument APIs that do not invoke a shell.
- Use strict allowlists for operation identifiers and reject unexpected input before it reaches any interpreter.
- Update the affected component and add inert regression tests covering metacharacters, encoding variants, and alternate request paths.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.