Published on: 06 February 2020
Cisco has released security advisories to address vulnerabilities in the Cisco Discovery Protocol implementation of several Cisco products. An unauthenticated attacker could exploit the vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. For the attack to succeed, the attacker must be in the same broadcast domain or subnet as the affected device.
For detailed information on the affected products, please refer to the "Affected Products" section of the corresponding security advisory on the vendor's website.
Successful exploitation could lead to arbitrary code execution or denial of service on an affected system.
Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk. For detailed information on the available patches, please refer to the "Fixed Software" section of the corresponding security advisory on the vendor's website.
System administrators are advised to follow the security best practice of disabling the Cisco Discovery Protocol on all interfaces that are connected to untrusted networks. The following page, created by the product vendor, contains a summary of commands to disable Cisco Discovery Protocol in Cisco FXOS, Cisco IOS-XR, Cisco NX-OS, and Cisco UCS Fabric Interconnect:
https://community.cisco.com/t5/security-blogs/insights-about-multiple-vulnerabilities-in-cisco-discovery/ba-p/4023505
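One way to check a saved configuration against this recommendation, as an added example that is not part of the original advisory or the vendor's material. It assumes NX-OS-style running-config syntax, where CDP is on by default and `no cdp enable` turns it off globally or per interface; the sample configuration and the set of untrusted-facing interfaces are constructed, and the syntax for other platforms should be confirmed against the vendor's summary.

```python
import re

# Constructed sample running-config (NX-OS-style), not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-sw1
interface Ethernet1/1
  description uplink to ISP
  no cdp enable
interface Ethernet1/2
  description guest VLAN access
  switchport
interface Ethernet1/3
  description core trunk
interface mgmt0
  no cdp enable
"""

def parse_cdp_state(config):
    """Return (globally_disabled, {interface_name: cdp_enabled})."""
    globally_disabled = False
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # skip blank lines and comment separators
        stmt = line.strip()
        if not line[0].isspace():  # top-level statement ends any interface block
            m = re.match(r"interface\s+(\S+)", stmt)
            current = m.group(1) if m else None
            if current:
                interfaces.setdefault(current, True)  # assumed default: CDP on
            elif stmt == "no cdp enable":
                globally_disabled = True
        elif current and stmt == "no cdp enable":
            interfaces[current] = False
    if globally_disabled:
        interfaces = {name: False for name in interfaces}
    return globally_disabled, interfaces

def untrusted_with_cdp(config, untrusted):
    """Untrusted-facing interfaces still running CDP (names absent from the config fail closed)."""
    globally_disabled, state = parse_cdp_state(config)
    return sorted(i for i in untrusted if state.get(i, not globally_disabled))

if __name__ == "__main__":
    # Ethernet1/1 and Ethernet1/2 are the interfaces assumed to face untrusted networks.
    print(untrusted_with_cdp(SAMPLE_CONFIG, {"Ethernet1/1", "Ethernet1/2"}))
```

Any interface the function returns still needs CDP disabled, or the device needs the fixed software, before it faces an untrusted network.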
System administrators should contact their product support vendors for the fixes and assistance.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos
https://community.cisco.com/t5/security-blogs/insights-about-multiple-vulnerabilities-in-cisco-discovery/ba-p/4023505
https://kb.cert.org/vuls/id/261385/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3118 (to CVE-2020-3120)