Lucene search

[email protected]NVD:CVE-2020-3118

HistoryFeb 05, 2020 - 6:15 p.m.

CVE-2020-3118

2020-02-0518:15:10

CWE-787

CWE-134

[email protected]

web.nvd.nist.gov

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Affected configurations

NVD

Node

ciscoios_xrRange6.6.0–6.6.12

ciscoios_xrRange7.0.0–7.0.2

Node

ciscoios_xrMatch6.5.3

AND

ciscoasr_9000vMatch-

ciscoasr_9001Match-

ciscoasr_9006Match-

ciscoasr_9010Match-

ciscoasr_9901Match-

ciscoasr_9904Match-

ciscoasr_9906Match-

ciscoasr_9910Match-

ciscoasr_9912Match-

ciscoasr_9922Match-

cisconcs_540-12z20g-sys-aMatch-

cisconcs_540-12z20g-sys-dMatch-

cisconcs_540-24z8q2c-sysMatch-

cisconcs_540-28z4c-sys-aMatch-

cisconcs_540-28z4c-sys-dMatch-

cisconcs_540-acc-sysMatch-

cisconcs_540x-12z16g-sys-aMatch-

cisconcs_540x-12z16g-sys-dMatch-

cisconcs_540x-16z4g8q2c-aMatch-

cisconcs_540x-16z4g8q2c-dMatch-

cisconcs_540x-acc-sysMatch-

cisconcs_5501Match-

cisconcs_5501-seMatch-

cisconcs_5502Match-

cisconcs_5502-seMatch-

cisconcs_5508Match-

cisconcs_5516Match-

ciscoxrv_9000Match-

Node

ciscoios_xrMatch5.2.5

AND

cisconcs_6000Match-

cisconcs_6008Match-

Node

ciscoios_xrMatch6.4.2

AND

ciscoasr_9000Match-

ciscoasr_9000vMatch-

ciscoasr_9001Match-

ciscoasr_9006Match-

ciscoasr_9010Match-

ciscoasr_9901Match-

ciscoasr_9903Match-

ciscoasr_9904Match-

ciscoasr_9906Match-

ciscoasr_9910Match-

ciscoasr_9912Match-

ciscoasr_9920Match-

ciscoasr_9922Match-

ciscocrs-xMatch-

Node

ciscoios_xrMatch6.6.25

AND

cisconcs_560Match-

Node

ciscoios_xrMatch7.0.1

AND

cisconcs_540lMatch-

References

packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON

Related for NVD:CVE-2020-3118

threatpost5 nessus1 cvelist1 cisa_kev1 prion1 cisco1 attackerkb1 cve1 thn1 cert1 qualysblog1 ics1