
CVE-2020-3118:

Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability allows adjacent attackers to execute arbitrary code or cause device reload.


Score

8.8 High
  • Published Date: Feb 5, 2020
  • CISA KEV Date: Nov 3, 2021
  • Industries Affected: 20
  • Armis Early Warning: 637 Days

Threat Predictions

  • EPSS Score: 0.3
  • EPSS Percentile: 49%

Exploitability

  • Score: 2.8
  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED

Impact

  • Score: 5.9
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

Overview

CVE-2020-3118 is a stack overflow vulnerability in the Cisco Discovery Protocol (CDP) implementation for Cisco IOS XR Software. The vulnerability has been classified as CWE-787 (Out-of-bounds Write). When exploited, this vulnerability allows an adjacent attacker to send malicious CDP packets to trigger a stack overflow condition, potentially leading to arbitrary code execution with administrative privileges or causing the device to reload. This represents a significant security risk for network infrastructure running affected versions of Cisco IOS XR Software, as it could lead to complete device compromise without requiring authentication.

Remediation

Organizations using affected Cisco IOS XR Software should:

  1. Apply the security updates provided by Cisco as soon as possible.
  2. If immediate patching is not possible, consider disabling CDP on interfaces where it is not required.
  3. Implement network segmentation to limit the potential attack surface.
  4. Monitor network traffic for suspicious CDP packets.
  5. Ensure only trusted devices are connected to the same broadcast domain as critical infrastructure.
  6. Follow the detailed remediation steps in Cisco's security advisory (cisco-sa-20200205-iosxr-cdp-rce).

Armis Early Warning

Armis Early Warning provides proactive threat intelligence and early detection capabilities.

  • Armis Alert Date: Oct 20, 2020
  • CISA KEV Date: Nov 3, 2021
  • Days Early: 637 Days

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Low

  • Mining
  • Utilities
  • Information
  • Construction
  • Retail Trade
  • Manufacturing
  • Wholesale Trade
  • Educational Services
  • Finance and Insurance
  • Public Administration
  • Real Estate Rental and Leasing
  • Transportation and Warehousing
  • Accommodation and Food Services
  • Health Care and Social Assistance
  • Arts, Entertainment, and Recreation
  • Management of Companies and Enterprises
  • Agriculture, Forestry, Fishing and Hunting
  • Other Services (except Public Administration)
  • Professional, Scientific, and Technical Services
  • Administrative and Support and Waste Management and Remediation Services
