Cisco Discovery Protocol (CDP) enabled devices vulnerable to remote code execution and to denial-of-service attacks
Sources
- https://tools.cisco.com/security/center/publicationListing.x
- https://www.armis.com/cdpwn/
- https://www.bleepingcomputer.com/news/security/cisco-patches-critical-cdp-flaws-affecting-millions-of-devices/
Risks
The vulnerabilities affect all devices that have the Cisco Discovery Protocol (CDP )enabled. It is important to note that for all affected devices, CDP is enabled by default.
CVE-2020-3110, CVE-2020-3111, CVE-2020-3118 and CVE-2020-3119
These vulnerabilities could allow an attacker on the local network to cause a denial of service by rebooting the affected device running CDP. A remote attacker could also execute code by sending a malicious unauthenticated CDP packet to the affected device.
CVE-2020-3120
This vulnerability could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP.
Description
Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110) and stack overflow in Cisco VoIP devices (CVE-2020-3111). There is also a format string stack overflow vulnerability (CVE-2020-3118), a stack overflow and arbitrary write vulnerability (CVE-2020-3119) and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR Routers, among others.
These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service (can also be exploited remotely with extra-effort from the attacker). The CVE-2020-3120, in addition, could allow an attacker to execute code remotely.
Recommended Actions
Cisco released a patch for each vulnerability. CERT.be recommends applying the patches as soon as possible after proper testing. The patches can be downloaded from the Cisco Website.