Cisco IOS and IOS XE Software Cisco Discovery Protocol Denial of Service Vulnerability – CSCvg54267 – CDPwn

Another bug which impacts Cisco OS, OS XE and NX OS.

“A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.” More read on advisory site.

  • Cisco NX-OS Stack Overflow in the Power Request TLV (CVE-2020-3119)
  • Cisco IOS XR Format String vulnerability in multiple TLVs (CVE-2020-3118)
  • Cisco IP Phones Stack Overflow in PortID TLV (CVE-2020-3111)
  • Cisco IP Cameras Heap Overflow in DeviceID TLV (CVE-2020-3110)
  • Cisco FXOS, IOS XR, and NX-OS Resource Exhaustion in the Addresses TLV (CVE-2020-3120)

The Hacker News states that – According to a report Armis research team shared with The Hacker News, the underlying CDP implementations contain buffer overflow and format string vulnerabilities that could let remote attackers on the same network execute arbitrary code on the vulnerable devices by sending malicious unauthenticated CDP packets.

Semi good news is that an attacker first needs to be on the same network to leverage CDPwn vulnerabilities. So if you have proper architecture and secure posture in place you shouldn’t worry much but its a good time to revisit your infrastructure.

No workarounds at this time but if you have any partner L2 connections I would definitely make sure you have CDP disabled (if you can).

Good Luck!


Add a Comment

Your email address will not be published.