Cisco VC220 Network Dome Camera and Cisco VC240 Network Bullet Camera Denial of Service Vulnerabilites
Cisco-SA-20130731-CVE-2012-3913 · Medium · Published · Updated
The Cisco Video Surveillance VC220 Network Dome Camera and the Cisco VC240 Network Bullet Camera contain vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected devices, preventing web user interface (WebUI) access to the cameras. An attacker could exploit these vulnerabilities by sending crafted packets to an affected device. Continued exploitation could allow an attacker to prevent access to the cameras or cause a denial of service condition. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. To exploit these vulnerabilities, an attacker must send a sequence of crafted packets to a targeted device. The attacker may need access to trusted, internal networks, which could limit the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C
Product Names From Source
Cisco Small Business VC220 Dome Network Camera Firmware, Cisco Small Business VC240 Network Camera Firmware, Cisco Small Business VC240 Network Camera, Cisco VC220 Dome Network Camera Firmware