CVE-2020-3119:

Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (CVE-2020-3119)

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.8High

Published Date:Feb 5, 2020
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:7.9
EPSS Percentile:92%

Exploitability

Score:2.8
Attack Vector:ADJACENT_NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (CVE-2020-3119)

Overview

CVE-2020-3119 is a stack overflow vulnerability in Cisco NX-OS Software's CDP implementation. The flaw exists because the CDP parser fails to properly validate input for certain fields in CDP messages. This is classified as a CWE-787 (Out-of-bounds Write) vulnerability. Since CDP is a Layer 2 protocol, an attacker must be in the same broadcast domain (Layer 2 adjacent) as the vulnerable device to exploit it. Successful exploitation allows arbitrary code execution with administrative privileges or causes a device reload, potentially leading to complete device takeover.

Remediation

To address this vulnerability, administrators should:
1. Update affected Cisco NX-OS Software to a patched version as specified in the Cisco Security Advisory (cisco-sa-20200205-nxos-cdp-rce).
2. If immediate patching is not possible, consider these mitigations:
Disable CDP on interfaces where it's not operationally required
Implement proper network segmentation to limit the potential attack surface
Monitor for suspicious CDP traffic in the network
3. Review network security architecture to ensure proper segmentation of management networks.
4. Follow Cisco's best practices for securing network infrastructure devices.