Cisco Discovery Protocol (CDP) devices are vulnerable to denial-of-service and remote code execution

ronjor · Feb 5, 2020

Original Release Date: 2020-02-05 | Last Revised: 2020-02-05

Overview
Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110), stack overflow in Cisco VoIP devices (CVE-2020-3111), a format string stack overflow vulnerability (CVE-2020-3118 ), stack overflow and arbitrary write (CVE-2020-3119), and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR Routers, among others. These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service.
Click to expand...

Log in or Sign up

Cisco Discovery Protocol (CDP) devices are vulnerable to denial-of-service and remote code execution

ronjor Global Moderator

Log in or Sign up

Cisco Discovery Protocol (CDP) devices are vulnerable to denial-of-service and remote code execution

ronjor Global Moderator

Useful Searches