

InfoBlox - End-of-Life Announcements

February 7, InfoBlox

Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution

Overview

Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that CDP-enabled devices are affected by several vulnerabilities: a heap overflow in Cisco IP cameras (CVE-2020-3110), a stack overflow in Cisco VoIP devices (CVE-2020-3111), a format string stack overflow vulnerability (CVE-2020-3118), a stack overflow and arbitrary write (CVE-2020-3119), and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR routers, among others. These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service.

Description

CVE-2020-3110
Cisco's Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of the DeviceID type-length-value (TLV). The CVSS score reflected below applies to this vulnerability.
CVE-2020-3111
Cisco Voice over Internet Protocol (VoIP) phones with CDP enabled are vulnerable to a stack overflow in the parsing of PortID type-length-value (TLV).
CVE-2020-3118
Cisco's CDP subsystem of devices running, or based on, Cisco IOS XR Software is vulnerable to improper validation of string input from certain fields within a CDP message, which could lead to a stack overflow.
CVE-2020-3119
Cisco's CDP subsystem of devices running, or based on, Cisco NX-OS Software is vulnerable to a stack buffer overflow and arbitrary write in the parsing of Power over Ethernet (PoE) type-length-value (TLV).
CVE-2020-3120
Cisco's CDP subsystem of devices running, or based on, Cisco NX-OS, IOS XR, and FXOS Software is vulnerable to a resource exhaustion denial-of-service condition.
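
Several of the entries above are overflows in TLV parsing. The following is an added example, not Cisco's code and not taken from the advisories, of a CDP TLV walker that validates each length field before copying DeviceID and PortID values into fixed-size buffers. The function names, the 64-byte buffer size and the sample frames are assumptions made for illustration; the advisory does not describe the exact defect in any product.

```c
#include <stdint.h>
#include <string.h>

#define CDP_HDR_LEN 4   /* version, TTL, 16-bit checksum */
#define TLV_HDR_LEN 4   /* 16-bit type + 16-bit length; length counts this header */
#define TLV_DEVICE_ID 0x0001
#define TLV_PORT_ID   0x0003
#define ID_MAX 64       /* assumed size of the receiver's fixed ID buffers */
struct cdp_ids { char device_id[ID_MAX]; char port_id[ID_MAX]; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if a TLV is malformed or an ID will not fit. */
int cdp_parse_ids(const uint8_t *pkt, size_t len, struct cdp_ids *out) {
    memset(out, 0, sizeof *out);
    if (len < CDP_HDR_LEN) return -1;
    for (size_t off = CDP_HDR_LEN; off < len; ) {
        if (len - off < TLV_HDR_LEN) return -1;        /* truncated TLV header */
        uint16_t type = be16(pkt + off), tlen = be16(pkt + off + 2);
        /* the length field must cover its own header and stay inside the frame */
        if (tlen < TLV_HDR_LEN || (size_t)tlen > len - off) return -1;
        size_t vlen = (size_t)tlen - TLV_HDR_LEN;
        char *dst = type == TLV_DEVICE_ID ? out->device_id
                  : type == TLV_PORT_ID   ? out->port_id : NULL;
        if (dst) {
            if (vlen >= ID_MAX) return -1;             /* value would overflow dst */
            memcpy(dst, pkt + off + TLV_HDR_LEN, vlen);
            dst[vlen] = '\0';
        }
        off += tlen;
    }
    return 0;
}

/* Constructed sample frames (CDP payload only, checksum not verified). */
static const uint8_t good[] = { 2, 180, 0, 0, 0x00, 0x01, 0x00, 0x07, 's', 'w', '1',
                                0x00, 0x03, 0x00, 0x09, 'G', 'i', '0', '/', '1' };
static const uint8_t lying[] = { 2, 180, 0, 0, 0x00, 0x01, 0x01, 0x00, 's', 'w', '1' };
int check_good(void) {          /* 1 when both IDs are extracted intact */
    struct cdp_ids ids;
    return cdp_parse_ids(good, sizeof good, &ids) == 0 &&
           !strcmp(ids.device_id, "sw1") && !strcmp(ids.port_id, "Gi0/1");
}
int check_lying(void) { struct cdp_ids ids; return cdp_parse_ids(lying, sizeof lying, &ids); }
int check_oversized(void) {     /* PortID TLV carrying 200 bytes, length 0x00CC */
    uint8_t pkt[208] = { 2, 180, 0, 0, 0x00, 0x03, 0x00, 0xCC };
    struct cdp_ids ids;
    memset(pkt + 8, 'A', 200);
    return cdp_parse_ids(pkt, sizeof pkt, &ids);
}
```

The frame whose length field claims more data than was received and the frame whose value exceeds the destination buffer are both rejected before any copy takes place.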

Impact

CVE-2020-3110, CVE-2020-3111, CVE-2020-3118, and CVE-2020-3119
These vulnerabilities could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP. A remote attacker could also execute code by sending a malicious unauthenticated CDP packet to the affected device.
CVE-2020-3120
This vulnerability could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP.

These vulnerabilities affect devices that have CDP enabled. It is important to note that for all affected devices, CDP is enabled by default. A complete list of the affected products can be found in the following Cisco advisories:
CVE-2020-3110 affected products can be found here.
CVE-2020-3111 affected products can be found here.
CVE-2020-3118 affected products can be found here.
CVE-2020-3119 affected products can be found here.
CVE-2020-3120 affected products can be found here.

Solution

Apply an update
Please refer to Cisco's advisories and support site for specific device updates.
