First published: Wed Feb 05 2020(Updated: )
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce
Credit: Barak Hadad Armis
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XR Software | >=Earlier than 6.6=6.6<=7.0<7.0.2 (Mar 2020) or appropriate SMU | 7.0.2 (Mar 2020) or appropriate SMU |
Cisco IOS XR Software | =7.0.1<NCS540L>=6.6.12<=6.6.25<NCS560=XRV9K<xrv9k-6.5.3.CSCvr78185=NCS5500<ncs5500-6.5.3.CSCvr78185=NCS5K<ncs5k-6.5.3.CSCvr78185=NCS540<ncs540-6.5.3.CSCvr78185=ASR9K-X64<asr9k-x64-6.5.3.CSCvr78185=6.5.3<ASR9K-PX=CRS-PX<hfr-px-6.4.2.CSCvr78185=6.4.2<ASR9K-PX=5.2.5<NCS6K | NCS540L NCS560 xrv9k-6.5.3.CSCvr78185 ncs5500-6.5.3.CSCvr78185 ncs5k-6.5.3.CSCvr78185 ncs540-6.5.3.CSCvr78185 asr9k-x64-6.5.3.CSCvr78185 ASR9K-PX hfr-px-6.4.2.CSCvr78185 ASR9K-PX NCS6K |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the Cisco Discovery Protocol Format String Vulnerability is cisco-sa-20200205-iosxr-cdp-rce.
The severity level of cisco-sa-20200205-iosxr-cdp-rce is high with a severity value of 8.8.
The vulnerability in Cisco Discovery Protocol for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device.
The Cisco IOS XR Software versions earlier than 6.6 and up to 7.0.2 (Mar 2020) or appropriate SMU are affected by the Cisco Discovery Protocol Format String Vulnerability.
To mitigate the Cisco Discovery Protocol Format String Vulnerability, update to Cisco IOS XR Software version 7.0.2 (Mar 2020) or the appropriate SMU.