
Cisco Discovery Protocol (CDP) enabled devices vulnerable to remote code execution and to denial-of-service attacks

Reference: Advisory #2020-004
Version: 1.0
Affected software:
Cisco's Video Surveillance 8000 Series IP cameras with CDP
Cisco Voice over Internet Protocol (VoIP) phones with CDP
Cisco's CDP subsystem of devices running, or based on, Cisco NX-OS, IOS XR, and FXOS Software
Type: Remote Code Execution (RCE) & Denial of Service (DoS)

Sources

Risks

The vulnerabilities affect all devices that have the Cisco Discovery Protocol (CDP) enabled. It is important to note that for all affected devices, CDP is enabled by default.

CVE-2020-3110, CVE-2020-3111, CVE-2020-3118 and CVE-2020-3119

These vulnerabilities could allow an attacker on the local network to cause a denial of service by rebooting the affected device running CDP. A remote attacker could also execute code by sending a malicious unauthenticated CDP packet to the affected device.

CVE-2020-3120

This vulnerability could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP.

Description

Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that devices supporting CDP are vulnerable to a heap overflow in Cisco IP cameras (CVE-2020-3110) and a stack overflow in Cisco VoIP devices (CVE-2020-3111). There is also a format string stack overflow vulnerability (CVE-2020-3118), a stack overflow and arbitrary write vulnerability (CVE-2020-3119) and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR routers, among others.

These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service (they can also be exploited remotely with extra effort from the attacker). In addition, CVE-2020-3120 could allow an attacker to execute code remotely.

Recommended Actions

Cisco released a patch for each vulnerability. CERT.be recommends applying the patches as soon as possible after proper testing. The patches can be downloaded from the Cisco website.
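
To decide which devices need the patches, it helps to know which hosts on a segment are announcing themselves over CDP. The following is an added example, not part of the CERT.be advisory or Cisco's tooling: it reads raw Ethernet frames, lists the CDP speakers, and reports CDP frames whose TLV lengths do not fit the frame. The frame layout (multicast MAC, SNAP header, TLV type numbers) is taken from the publicly documented CDP format rather than from this advisory, and the sample frames are constructed.

```python
import struct

CDP_MAC = bytes.fromhex("01000ccccccc")       # CDP multicast destination MAC
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP header: Cisco OUI, PID 0x2000
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id", 0x0005: "software", 0x0006: "platform"}

def parse_cdp(frame: bytes):
    """Return the announced fields, or None if the frame is not CDP.
    Raises ValueError on a TLV whose length does not fit the frame."""
    if len(frame) < 26 or frame[:6] != CDP_MAC or frame[14:22] != SNAP_CDP:
        return None
    end = 14 + struct.unpack_from("!H", frame, 12)[0]   # 802.3 length excludes padding
    if end < 26 or end > len(frame):
        raise ValueError("802.3 length field does not fit the frame")
    version, ttl = struct.unpack_from("!BB", frame, 22)  # checksum at 24..25 not verified
    info = {"src_mac": frame[6:12].hex(":"), "version": version, "ttl": ttl}
    off = 26
    while off < end:
        if end - off < 4:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, off)
        if tlv_len < 4 or off + tlv_len > end:   # length includes the 4-byte header
            raise ValueError(f"TLV 0x{tlv_type:04x} declares length {tlv_len}")
        if tlv_type in TLV_NAMES:
            info[TLV_NAMES[tlv_type]] = frame[off + 4:off + tlv_len].decode("ascii", "replace")
        off += tlv_len
    return info

def inventory(frames):
    """Map source MAC -> CDP fields; collect malformed CDP frames separately."""
    speakers, malformed = {}, []
    for frame in frames:
        try:
            info = parse_cdp(frame)
        except ValueError as exc:
            malformed.append((frame[6:12].hex(":"), str(exc)))
            continue
        if info:
            speakers[info["src_mac"]] = info
    return speakers, malformed

def _frame(src_mac, tlvs):   # helper that builds the constructed sample frames
    body = SNAP_CDP + struct.pack("!BBH", 2, 180, 0) + tlvs
    return CDP_MAC + bytes.fromhex(src_mac) + struct.pack("!H", len(body)) + body

def _tlv(tlv_type, value, length=None):
    return struct.pack("!HH", tlv_type, len(value) + 4 if length is None else length) + value

SAMPLE_FRAMES = [   # constructed, not captured traffic
    _frame("020000000001", _tlv(1, b"cam-lobby") + _tlv(6, b"example-platform")),
    bytes.fromhex("ffffffffffff" "020000000002" "0806") + bytes(46),  # ARP, not CDP
    _frame("020000000003", _tlv(1, b"x", length=0x0200)),           # oversized TLV length
]
```

`inventory(SAMPLE_FRAMES)` returns the one well-formed speaker and, separately, the source MAC of the frame with the inconsistent TLV length, which is worth investigating on a network where unpatched devices remain.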