Reference: Advisory #2020-004
Version: 1.0
Affected software:
Cisco Voice over Internet Protocol (VoIP) phones with CDP
Cisco's CDP subsystem of devices running, or based on, Cisco NX-OS, IOS XR, and FXOS Software
Cisco's Video Surveillance 8000 Series IP cameras with CDP
Type: Remote Code Execution (RCE) & Denial of Service (DoS)
CVE/CVSS: CVE-2020-3110, CVE-2020-3111, CVE-2020-3118, CVE-2020-3119, CVE-2020-3120
The vulnerabilities affect all devices that have the Cisco Discovery Protocol (CDP) enabled. It is important to note that for all affected devices, CDP is enabled by default.
CVE-2020-3110, CVE-2020-3111, CVE-2020-3118 and CVE-2020-3119
These vulnerabilities could allow an attacker on the local network to cause a denial of service by rebooting the affected device running CDP. A remote attacker could also execute code by sending a malicious unauthenticated CDP packet to the affected device.
CVE-2020-3120
This vulnerability could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP.
Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that devices supporting CDP are vulnerable to a heap overflow in Cisco IP cameras (CVE-2020-3110) and a stack overflow in Cisco VoIP devices (CVE-2020-3111). There is also a format string stack overflow vulnerability (CVE-2020-3118), a stack overflow and arbitrary write vulnerability (CVE-2020-3119) and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR routers, among others.
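Added example, not part of the CCB advisory and not Cisco's code: a defender-side structural check for captured CDP frames that reports TLVs whose declared length disagrees with the bytes actually present, the kind of bounds check a CDP parser has to enforce. It assumes standard CDP framing (destination MAC 01:00:0c:cc:cc:cc, LLC/SNAP with Cisco OUI and protocol 0x2000, TLV length counting its own 4-byte header); the function names and sample frames are constructed for illustration.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")           # CDP multicast destination MAC
LLC_SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, Cisco OUI, protocol 0x2000

def audit_cdp_frame(frame: bytes) -> list:
    """Return structural findings for one Ethernet frame; [] means well-formed CDP."""
    if len(frame) < 26 or frame[:6] != CDP_DST or frame[14:22] != LLC_SNAP_CDP:
        return ["not a CDP frame"]
    (dot3_len,) = struct.unpack("!H", frame[12:14])
    # The 802.3 length must cover LLC/SNAP (8) + CDP header (4) and fit the capture.
    if dot3_len < 12 or 14 + dot3_len > len(frame):
        return ["802.3 length field inconsistent with captured bytes"]
    cdp = frame[22:14 + dot3_len]  # CDP header + TLVs, Ethernet padding excluded
    findings = []
    if cdp[0] not in (1, 2):
        findings.append(f"unexpected CDP version {cdp[0]}")
    off = 4  # skip version, TTL and checksum (checksum is not verified here)
    while off < len(cdp):
        if len(cdp) - off < 4:
            findings.append(f"truncated TLV header at offset {off}")
            break
        tlv_type, tlv_len = struct.unpack("!HH", cdp[off:off + 4])
        if tlv_len < 4:  # length includes the type/length header itself
            findings.append(f"TLV 0x{tlv_type:04x} length {tlv_len} below header size")
            break
        if off + tlv_len > len(cdp):
            findings.append(f"TLV 0x{tlv_type:04x} length {tlv_len} overruns packet")
            break
        off += tlv_len
    return findings

def build_frame(tlvs: bytes) -> bytes:
    """Constructed sample frame: CDP v2, TTL 180, checksum left at zero."""
    body = LLC_SNAP_CDP + bytes([2, 180, 0, 0]) + tlvs
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    return CDP_DST + src + struct.pack("!H", len(body)) + body

# Constructed samples: a Device ID TLV (type 0x0001) carrying "sw1", then two bad variants.
GOOD = build_frame(struct.pack("!HH", 1, 7) + b"sw1")
OVERRUN = build_frame(struct.pack("!HH", 1, 200) + b"sw1")
SHORT = build_frame(struct.pack("!HH", 1, 2))

if __name__ == "__main__":
    for name, frame in (("GOOD", GOOD), ("OVERRUN", OVERRUN), ("SHORT", SHORT)):
        print(name, audit_cdp_frame(frame))
```

A non-empty result on frames taken from an access port is worth investigating, since CDP is link-local and legitimate neighbours send well-formed TLVs.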
These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service (they can also be exploited remotely with extra effort from the attacker). In addition, CVE-2020-3120 could allow an attacker to execute code remotely.
Cisco released a patch for each vulnerability. CERT.be recommends applying the patches as soon as possible after proper testing. The patches can be downloaded from the Cisco website.