CVE-2020-3118:Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability allows adjacent attackers to execute arbitrary code or cause device reload.

splash
Back

Description Preview

A critical vulnerability (CVE-2020-3118) exists in the Cisco Discovery Protocol implementation for Cisco IOS XR Software. This vulnerability allows an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a device reload. The issue stems from improper validation of string input from certain fields in Cisco Discovery Protocol messages, which can lead to a stack overflow condition. Since Cisco Discovery Protocol is a Layer 2 protocol, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent) to exploit this vulnerability.

Overview

CVE-2020-3118 is a stack overflow vulnerability in the Cisco Discovery Protocol (CDP) implementation for Cisco IOS XR Software. The vulnerability has been classified as CWE-787 (Out-of-bounds Write). When exploited, this vulnerability allows an adjacent attacker to send malicious CDP packets to trigger a stack overflow condition, potentially leading to arbitrary code execution with administrative privileges or causing the device to reload. This represents a significant security risk for network infrastructure running affected versions of Cisco IOS XR Software, as it could lead to complete device compromise without requiring authentication.

Remediation

Organizations using affected Cisco IOS XR Software should:

  1. Apply the security updates provided by Cisco as soon as possible.
  2. If immediate patching is not possible, consider disabling CDP on interfaces where it is not required.
  3. Implement network segmentation to limit the potential attack surface.
  4. Monitor network traffic for suspicious CDP packets.
  5. Ensure only trusted devices are connected to the same broadcast domain as critical infrastructure.
  6. Follow the detailed remediation steps in Cisco's security advisory (cisco-sa-20200205-iosxr-cdp-rce).

References

  1. Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce
  2. Packet Storm Security: http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
  3. CWE-787 (Out-of-bounds Write): https://cwe.mitre.org/data/definitions/787.html

Early Warning

Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.

Armis Alert Date
Feb 5, 2020
CISA KEV Date
Nov 3, 2021
637days early

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Information: Low
    Information
  2. Accommodation & Food Services: Low
    Accommodation & Food Services
  3. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  4. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  5. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  6. Construction: Low
    Construction
  7. Educational Services: Low
    Educational Services
  8. Finance and Insurance: Low
    Finance and Insurance
  9. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  10. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  11. Manufacturing: Low
    Manufacturing
  12. Mining: Low
    Mining
  13. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  15. Public Administration: Low
    Public Administration
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Retail Trade: Low
    Retail Trade
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background