CVE-2020-3118: Cisco IOS XR Software Discovery Protocol Format String Vulnerability
First published: Wed Feb 05 2020(Updated: )
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Credit: ykramarz@cisco.com psirt@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XRv 9000 | ||
| Cisco IOS XRv 9000 | >=6.6.0<6.6.12 | |
| Cisco IOS XRv 9000 | >=7.0.0<7.0.2 | |
| Cisco IOS XRv 9000 | =6.5.3 | |
| Cisco ASR 9000v-v2 | ||
| Cisco ASR 9001 | ||
| Cisco ASR 9006 | ||
| Cisco ASR 9010 | ||
| Cisco ASR 9901-RP Firmware | ||
| Cisco ASR 9904 | ||
| Cisco ASR 9906 | ||
| Cisco ASR 9910 | ||
| Cisco ASR 9912 | ||
| Cisco ASR 9922 | ||
| Cisco NCS 540-12Z20G-SYS-A | ||
| Cisco NCS 540-12Z20G-SYS-D | ||
| Cisco NCS 540 | ||
| Cisco NCS 540-28Z4C-SYS-A | ||
| Cisco NCS 540-28Z4C-SYS-D | ||
| Cisco NCS 540 Series | ||
| Cisco ncs 540x-12z16g-sys-a | ||
| Cisco NCS 540X-12Z16G-SYS-D | ||
| Cisco NCS 540X-16Z4G8Q2C-A/D | ||
| Cisco NCS 540X-16Z4G8Q2C-A/D | ||
| Cisco NCS 540 | ||
| Cisco NCS 5501-SE | ||
| Cisco NCS 5501-SE | ||
| Cisco NCS 5502 | ||
| Cisco NCS 5502-SE Firmware | ||
| Cisco NCS 5508 | ||
| Cisco NCS 5516 | ||
| Cisco IOS XRv 9000 | ||
| Cisco IOS XRv 9000 | =5.2.5 | |
| Cisco NCS 6000 | ||
| Cisco NCS 6008-8-Slot Chassis | ||
| Cisco IOS XRv 9000 | =6.4.2 | |
| Cisco ASR 9000v | ||
| Cisco ASR 9903 | ||
| Cisco ASR 9920 | ||
| Cisco CRS-X | ||
| Cisco IOS XRv 9000 | =6.6.25 | |
| Cisco NCS 560-4 | ||
| Cisco IOS XRv 9000 | =7.0.1 | |
| Cisco NCS 540 | ||
| All of | ||
| Cisco IOS XRv 9000 | =6.5.3 | |
| Any of | ||
| Cisco ASR 9000v-v2 | ||
| Cisco ASR 9001 | ||
| Cisco ASR 9006 | ||
| Cisco ASR 9010 | ||
| Cisco ASR 9901-RP Firmware | ||
| Cisco ASR 9904 | ||
| Cisco ASR 9906 | ||
| Cisco ASR 9910 | ||
| Cisco ASR 9912 | ||
| Cisco ASR 9922 | ||
| Cisco NCS 540-12Z20G-SYS-A | ||
| Cisco NCS 540-12Z20G-SYS-D | ||
| Cisco NCS 540 | ||
| Cisco NCS 540-28Z4C-SYS-A | ||
| Cisco NCS 540-28Z4C-SYS-D | ||
| Cisco NCS 540 Series | ||
| Cisco ncs 540x-12z16g-sys-a | ||
| Cisco NCS 540X-12Z16G-SYS-D | ||
| Cisco NCS 540X-16Z4G8Q2C-A/D | ||
| Cisco NCS 540X-16Z4G8Q2C-A/D | ||
| Cisco NCS 540 | ||
| Cisco NCS 5501-SE | ||
| Cisco NCS 5501-SE | ||
| Cisco NCS 5502 | ||
| Cisco NCS 5502-SE Firmware | ||
| Cisco NCS 5508 | ||
| Cisco NCS 5516 | ||
| Cisco IOS XRv 9000 | ||
| All of | ||
| Cisco IOS XRv 9000 | =5.2.5 | |
| Any of | ||
| Cisco NCS 6000 | ||
| Cisco NCS 6008-8-Slot Chassis | ||
| All of | ||
| Cisco IOS XRv 9000 | =6.4.2 | |
| Any of | ||
| Cisco ASR 9000v | ||
| Cisco ASR 9000v-v2 | ||
| Cisco ASR 9001 | ||
| Cisco ASR 9006 | ||
| Cisco ASR 9010 | ||
| Cisco ASR 9901-RP Firmware | ||
| Cisco ASR 9903 | ||
| Cisco ASR 9904 | ||
| Cisco ASR 9906 | ||
| Cisco ASR 9910 | ||
| Cisco ASR 9912 | ||
| Cisco ASR 9920 | ||
| Cisco ASR 9922 | ||
| Cisco CRS-X | ||
| All of | ||
| Cisco IOS XRv 9000 | =6.6.25 | |
| Cisco NCS 560-4 | ||
| All of | ||
| Cisco IOS XRv 9000 | =7.0.1 | |
| Cisco NCS 540 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3118?
CVE-2020-3118 is a vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software.
How does CVE-2020-3118 affect Cisco IOS XR Software?
CVE-2020-3118 could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device.
Which versions of Cisco IOS XR Software are affected by CVE-2020-3118?
Versions between 6.6.0 to 6.6.12 and between 7.0.0 to 7.0.2 of Cisco IOS XR Software are affected by CVE-2020-3118.
What is the severity of CVE-2020-3118?
CVE-2020-3118 has a severity rating of 8.8 (high).
How can I fix CVE-2020-3118 in Cisco IOS XR Software?
To fix CVE-2020-3118, it is recommended to update to a fixed software version as mentioned in the Cisco Security Advisory.
- agent/weakness
- agent/type
- agent/description
- agent/title
- agent/severity
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- vendor/cisco
- canonical/cisco ios xrv 9000
- version/cisco ios xrv 9000/6.6.0
- version/cisco ios xrv 9000/7.0.0
- version/cisco ios xrv 9000/6.5.3
- canonical/cisco asr 9000v-v2
- canonical/cisco asr 9001
- canonical/cisco asr 9006
- canonical/cisco asr 9010
- canonical/cisco asr 9901-rp firmware
- canonical/cisco asr 9904
- canonical/cisco asr 9906
- canonical/cisco asr 9910
- canonical/cisco asr 9912
- canonical/cisco asr 9922
- canonical/cisco ncs 540-12z20g-sys-a
- canonical/cisco ncs 540-12z20g-sys-d
- canonical/cisco ncs 540
- canonical/cisco ncs 540-28z4c-sys-a
- canonical/cisco ncs 540-28z4c-sys-d
- canonical/cisco ncs 540 series
- canonical/cisco ncs 540x-12z16g-sys-a
- canonical/cisco ncs 540x-12z16g-sys-d
- canonical/cisco ncs 540x-16z4g8q2c-a/d
- canonical/cisco ncs 5501-se
- canonical/cisco ncs 5502
- canonical/cisco ncs 5502-se firmware
- canonical/cisco ncs 5508
- canonical/cisco ncs 5516
- version/cisco ios xrv 9000/5.2.5
- canonical/cisco ncs 6000
- canonical/cisco ncs 6008-8-slot chassis
- version/cisco ios xrv 9000/6.4.2
- canonical/cisco asr 9000v
- canonical/cisco asr 9903
- canonical/cisco asr 9920
- canonical/cisco crs-x
- version/cisco ios xrv 9000/6.6.25
- canonical/cisco ncs 560-4
- version/cisco ios xrv 9000/7.0.1