{"vuid":"VU#261385","idnumber":"261385","name":"Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution","keywords":["CDP","VoIP","IoT","RCE","DoS"],"overview":"### Overview ###\r\n<p>Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that CDP-supported devices are vulnerable to a heap overflow in Cisco IP Cameras (CVE-2020-3110), a stack overflow in Cisco VoIP devices (CVE-2020-3111), a format string stack overflow vulnerability (CVE-2020-3118), a stack overflow and arbitrary write (CVE-2020-3119), and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR Routers, among others. These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service.</p>\r\n\r\n### Description ###\r\n<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"wrapper-table\"><tr><td><p><b>CVE-2020-3110</b></p><p>Cisco's Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of DeviceID type-length-value (TLV). The CVSS score reflected below is in regards to this vulnerability. 
<br/><br/><b>CVE-2020-3111</b><br/>Cisco Voice over Internet Protocol (VoIP) phones with CDP enabled are vulnerable to a stack overflow in the parsing of PortID type-length-value (TLV).<br/><br/><b>CVE-2020-3118</b><br/>Cisco's CDP subsystem of devices running, or based on, Cisco IOS XR Software is vulnerable to improper validation of string input from certain fields within a CDP message that could lead to a stack overflow.<br/><br/><b>CVE-2020-3119</b><br/>Cisco's CDP subsystem of devices running, or based on, Cisco NX-OS Software is vulnerable to a stack buffer overflow and arbitrary write in the parsing of Power over Ethernet (PoE) type-length-value (TLV).<br/><br/><b>CVE-2020-3120</b><br/>Cisco's CDP subsystem of devices running, or based on, Cisco NX-OS, IOS XR, and FXOS Software is vulnerable to a resource exhaustion denial-of-service condition.</p></td></tr></table>\r\n\r\n### Impact ###\r\n<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"wrapper-table\"><tr><td><p><b>CVE-2020-3110, CVE-2020-3111, CVE-2020-3118, and CVE-2020-3119</b><br/>These vulnerabilities could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP. A remote attacker could also execute code by sending a malicious unauthenticated CDP packet to the affected device.<br/><b><br/>CVE-2020-3120</b><br/>This vulnerability could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP.<br/><br/>These vulnerabilities affect devices that have CDP enabled. It is important to note that for all affected devices, CDP is enabled by default. 
A complete list of the affected products can be found in the following Cisco advisories:</p><ul type=\"disc\"><li>CVE-2020-3110 affected products can be found <a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos\">here</a>.</li><li>CVE-2020-3111 affected products can be found <a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos\">here</a>.</li><li>CVE-2020-3118 affected products can be found <a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce\">here</a>.</li><li>CVE-2020-3119 affected products can be found <a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce\">here</a>.</li><li>CVE-2020-3120 affected products can be found <a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos\">here</a>.</li></ul></td></tr></table>\r\n\r\n### Solution ###\r\n<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"wrapper-table\"><tr><td><p><b>Apply an update</b><br/>Please refer to Cisco's advisories and support site for specific device updates.</p></td></tr></table>\r\n\r\n### Acknowledgements ###\r\n<p>Thanks to Ben Seri of Armis Security for reporting this vulnerability.</p><p>This document was written by Madison Oliver.</p>\r\n\r\n","clean_desc":"CVE-2020-3110 Cisco's Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of DeviceID type-length-value (TLV). The CVSS score reflected below is in regards to this vulnerability. CVE-2020-3111 Cisco Voice over Internet Protocol (VoIP) phones with CDP enabled are vulnerable to a stack overflow in the parsing of PortID type-length-value (TLV). 
CVE-2020-3118 Cisco's CDP subsystem of devices running, or based on, Cisco IOS XR Software is vulnerable to improper validation of string input from certain fields within a CDP message that could lead to a stack overflow. CVE-2020-3119 Cisco's CDP subsystem of devices running, or based on, Cisco NX-OS Software is vulnerable to a stack buffer overflow and arbitrary write in the parsing of Power over Ethernet (PoE) type-length-value (TLV). CVE-2020-3120 Cisco's CDP subsystem of devices running, or based on, Cisco NX-OS, IOS XR, and FXOS Software is vulnerable to a resource exhaustion denial-of-service condition.","impact":"CVE-2020-3110, CVE-2020-3111, CVE-2020-3118, and CVE-2020-3119\nThese vulnerabilities could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP. A remote attacker could also execute code by sending a malicious unauthenticated CDP packet to the affected device. CVE-2020-3120\nThis vulnerability could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP. These vulnerabilities affect devices that have CDP enabled. It is important to note that for all affected devices, CDP is enabled by default. A complete list of the affected products can be found in the following Cisco advisories: CVE-2020-3110 affected products can be found here. CVE-2020-3111 affected products can be found here. CVE-2020-3118 affected products can be found here. CVE-2020-3119 affected products can be found here. 
CVE-2020-3120 affected products can be found here.","resolution":"Apply an update Please refer to Cisco's advisories and support site for specific device updates.","workarounds":"","sysaffected":"","thanks":"Thanks to Ben Seri of Armis Security for reporting this vulnerability.","author":"This document was written by Madison Oliver.","public":["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos","https://www.cisco.com/en/US/technologies/tk652/tk701/technologies_white_paper0900aecd804cd46d.html"],"cveids":["CVE-2020-3118","CVE-2020-3110","CVE-2020-3120","CVE-2020-3119","CVE-2020-3111"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-01-30T14:14:47Z","publicdate":"2020-02-05T00:00:00Z","datefirstpublished":"2020-02-05T16:03:14Z","dateupdated":"2020-07-08T16:55:15.788977Z","revision":73,"vrda_d1_directreport":"0","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.3","cvss_basevector":"AV:A/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.3","cvss_environmentalscore":"8.32981158912","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":11}