Cisco Systems security teams have released some security patches to fix three critical vulnerabilities in Cisco Video Surveillance 8000 series IP cameras. According to the report, the reported flaws would allow threat actors to disable affected devices.
These flaws exist because Cisco Discovery Protocol allows discovery of connected network equipment, names, IP address, and operating system version. Threat actors could exploit the flaws by sending a malicious CDP packet to the target IP camera to run the code on the affected device.
These flaws affect IP cameras with firmware version earlier than 1.0.9-4. Regarding the most dangerous vulnerability in the report, tracked as CVE-2020-3446, it affects the ENCS 5400-W and CSP 5000-W Series devices, as its Cisco Enterprise NFV Infrastructure Software (NFVIS) contains user accounts with a static password by default.
NFVIS helps customers virtualize Cisco network services such as Integrated Services Virtual Router, Virtual WAN Optimization, Virtual ASA, Virtual Wireless LAN Controller, and Next Generation Virtual Firewall. With a default password, an unauthenticated remote attacker might log in to the NFVIS CLI of the vulnerable device with administrator rights.
Users of affected devices are recommended to install Cisco updates if the devices are running vWAAS with images related to NFVIS versions 6.4.5 or 6.4.3d and later. Alternative solutions to mitigate the risk of exploitation are currently unknown.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as an cyber security investigator. He also worked for security companies like Cisco. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.