A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.
There are no workarounds available to mitigate exploitation of this vulnerability that can be applied on the Cisco Video Surveillance IP Cameras. Mitigations that can be deployed on Cisco devices within the network are available.
This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera
Effective October 18, 2011, Cisco moved the
current list of Cisco Security Advisories and Responses published by
Cisco PSIRT. The new location is http://tools.cisco.com/security/center/publicationListing
You can also navigate to this page from the Cisco Products and Services
menu of the Cisco Security (SIO) Portal.
Following this transition, new Cisco Security Advisories and Responses
will be published to the new location. Although the URL has changed, the
content of security documents and the vulnerability policy are not
impacted. Cisco will continue to disclose security vulnerabilities in
accordance with the published Security Vulnerability Policy