Researchers at Armis discovered five critical zero-day vulnerabilities (dubbed CDPwn) in Cisco's implementations of the Cisco Discovery Protocol, which ships in many Cisco products such as routers, switches, IP phones, cameras and more.
Cisco Discovery Protocol, also known as CDP, is a Cisco-proprietary Layer 2 (Data Link Layer) network protocol implemented in virtually all Cisco products, including switches, routers, IP phones and cameras, and is used by directly connected Cisco equipment to discover each other and exchange information such as device name, port, platform and capabilities.
Four of the five vulnerabilities are remote code execution (RCE) flaws affecting tens of millions of devices; they allow an attacker to completely take over a vulnerable device without any user interaction.
The fifth vulnerability (CVE-2020-3120) causes a denial of service in the CDP implementation of Cisco FXOS, IOS XR and NX-OS Software: crashing the CDP process on a core router or switch can in turn disrupt the whole network behind it.
Many enterprise devices are affected, and successful exploitation could cause severe damage across tens of millions of enterprise network devices.
The list of vulnerable devices is as follows:
Each of the four RCE vulnerabilities affects a separate implementation of the CDP parser, and all of them are exploited the same way: by sending a maliciously crafted CDP packet to the target Cisco device. CDP frames are sent to a link-local multicast address and are not forwarded by routers, so the attacker must already have a presence on the same Layer 2 segment as the target, for example a compromised host or phone on the same VLAN.
A stack overflow in the parsing of CDP packets in Cisco NX-OS Software is triggered by a CDP packet whose Power Request TLV (Power over Ethernet, PoE) contains too many power-level fields.
An attacker causes the stack overflow by sending an otherwise legitimate CDP packet that advertises more power levels than the switch is built to receive; the parser copies them all into a fixed-size stack buffer, and control of the overwritten stack gives the attacker full control over the switch and, from there, the network infrastructure.
The vulnerability is tracked as CVE-2020-3119.
In the IP phone implementation, a stack overflow in the function that parses the Port ID field can be exploited to gain code execution on the phone.
An attacker can trigger this vulnerability by sending a malicious CDP packet to the phone, for instance from a position within the access switch the target phones connect to, or from any host on the same LAN segment.
According to Armis research, "since broadcast CDP packets are also interpreted as legitimate CDP packets by the IP phones, an attacker could send an ethernet broadcast packet, that will trigger the vulnerability and cause DoS on all vulnerable devices on the same LAN, simultaneously."
The vulnerability is tracked as CVE-2020-3111.
A format string vulnerability exists in the CDP implementation of IOS XR when parsing certain string fields of incoming CDP packets, such as the Device ID and Port ID.
Because the attacker controls the string that ends up being used as the format parameter, the vulnerability can be used to corrupt the stack and achieve remote code execution, giving the attacker full control over the target router.
The vulnerability is tracked as CVE-2020-3118.
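Both parser-side bugs described above, the unbounded power-level count in NX-OS and the attacker-controlled format string in IOS XR, come down to trusting lengths and strings taken from a link-local packet. The following C example is added here and is not Cisco's code or anything from the Armis report: it is a small CDP TLV walker that shows the unchecked copy pattern beside a bounded version, and a log routine that never uses a neighbour field as a format string. The TLV type numbers and the Power Request value layout follow the public CDP format; the size limits, the struct and function names, and the sample packets are this example's own assumptions.

```c
/* Added example (not Cisco's code, not from the Armis report): a minimal CDP TLV
 * walker with the bound the NX-OS Power Request parser lacked (too many power
 * levels for a fixed-size stack array) and without the IOS XR format-string
 * pattern (Device ID / Port ID passed as a format string). TLV type numbers and
 * the Power Request layout follow the public CDP format; limits and names here
 * are this example's own assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDP_TLV_DEVICE_ID     0x0001
#define CDP_TLV_PORT_ID       0x0003
#define CDP_TLV_POWER_REQUEST 0x0019
#define MAX_POWER_LEVELS 4   /* example limits, not Cisco values */
#define MAX_STRING_LEN   64

typedef struct {
    char     device_id[MAX_STRING_LEN + 1], port_id[MAX_STRING_LEN + 1];
    uint32_t power_levels[MAX_POWER_LEVELS];
    size_t   n_power_levels;
} cdp_info_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }

/* Bug pattern the article describes for NX-OS: levels copied into a fixed array
 * with no check on how many the packet carries (assumed value layout: 2-byte
 * Request-ID, 2-byte Management-ID, then 4-byte levels in mW). Contrast only;
 * never call it on untrusted input. */
void parse_power_request_unchecked(const uint8_t *v, size_t len, cdp_info_t *out)
{
    size_t n = (len - 4) / 4;                       /* BUG: never compared to MAX_POWER_LEVELS */
    for (size_t i = 0; i < n; i++)
        out->power_levels[i] = rd32(v + 4 + 4 * i); /* writes past the array when n > MAX_POWER_LEVELS */
    out->n_power_levels = n;
}

/* Hardened form: reject, rather than truncate, an impossible length or too many levels. */
static int parse_power_request(const uint8_t *v, size_t len, cdp_info_t *out)
{
    if (len < 4 || (len - 4) % 4 != 0) return -1;
    size_t n = (len - 4) / 4;
    if (n > MAX_POWER_LEVELS) return -1;
    for (size_t i = 0; i < n; i++)
        out->power_levels[i] = rd32(v + 4 + 4 * i);
    out->n_power_levels = n;
    return 0;
}

/* String TLV values are not NUL-terminated on the wire: check, copy, terminate. */
static int copy_string_tlv(const uint8_t *v, size_t len, char *dst)
{
    if (len > MAX_STRING_LEN) return -1;
    memcpy(dst, v, len);
    dst[len] = '\0';
    return 0;
}

/* Parse a CDP payload (4-byte version/TTL/checksum header, then TLVs).
 * Returns 0 on success, -1 on any malformed TLV or exceeded limit. */
int cdp_parse(const uint8_t *pkt, size_t pktlen, cdp_info_t *out)
{
    memset(out, 0, sizeof *out);
    if (pktlen < 4) return -1;
    for (size_t off = 4; off < pktlen; ) {
        if (pktlen - off < 4) return -1;
        uint16_t type = rd16(pkt + off), tlen = rd16(pkt + off + 2);
        if (tlen < 4 || tlen > pktlen - off) return -1;  /* length covers its header and stays in-bounds */
        const uint8_t *v = pkt + off + 4;
        size_t vlen = tlen - 4;
        int rc = 0;
        switch (type) {
        case CDP_TLV_DEVICE_ID:     rc = copy_string_tlv(v, vlen, out->device_id); break;
        case CDP_TLV_PORT_ID:       rc = copy_string_tlv(v, vlen, out->port_id);   break;
        case CDP_TLV_POWER_REQUEST: rc = parse_power_request(v, vlen, out);        break;
        default: break;                                  /* unknown TLVs are skipped, not trusted */
        }
        if (rc != 0) return -1;
        off += tlen;
    }
    return 0;
}

/* Log line for the neighbour. The IOS XR bug pattern would be snprintf(buf, n, info->device_id):
 * attacker data must be an argument to a fixed format, never the format itself. */
int cdp_format_log(const cdp_info_t *info, char *buf, size_t n)
{
    return snprintf(buf, n, "cdp neighbour device=%s port=%s", info->device_id, info->port_id);
}

/* Constructed sample payloads (not captures): version 2, TTL 180, checksum not validated here. */
static const uint8_t PKT_BENIGN[] = {
    0x02, 0xB4, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x0A, 'S', 'w', 'i', 't', 'c', 'h',                   /* Device ID "Switch" */
    0x00, 0x03, 0x00, 0x09, 'G', 'i', '0', '/', '1',                        /* Port ID "Gi0/1" */
    0x00, 0x19, 0x00, 0x0C, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x3A, 0x98  /* one level: 15000 mW */
};
#define LVL 0x00, 0x00, 0x3A, 0x98
static const uint8_t PKT_TOO_MANY_LEVELS[] = {              /* eight levels, the struct holds four */
    0x02, 0xB4, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x0A, 'S', 'w', 'i', 't', 'c', 'h',
    0x00, 0x19, 0x00, 0x28, 0x00, 0x01, 0x00, 0x02, LVL, LVL, LVL, LVL, LVL, LVL, LVL, LVL
};
static const uint8_t PKT_FORMAT_ID[] = {                    /* Device ID "%x%n" */
    0x02, 0xB4, 0x00, 0x00, 0x00, 0x01, 0x00, 0x08, '%', 'x', '%', 'n'
};
```

With these packets, cdp_parse accepts PKT_BENIGN (device "Switch", port "Gi0/1", one power level of 15000 mW), rejects PKT_TOO_MANY_LEVELS outright instead of writing eight levels into a four-entry array, and accepts PKT_FORMAT_ID while cdp_format_log prints the "%x%n" Device ID literally because it is passed as a %s argument.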
A heap overflow in the parsing of CDP packets in the implementation used by Cisco Video Surveillance 8000 Series IP Cameras lets an attacker execute code remotely once a certain parsing condition is reached.
The vulnerability is tracked as CVE-2020-3110.
According to the Armis report, exploitation of the CDPwn RCE vulnerabilities can lead to:
Cisco has fixed all five vulnerabilities and released patched software for the affected devices.
Enterprise users are advised to apply the fixes to affected Cisco products promptly; where CDP is not needed on an interface, disabling it there (no cdp enable on IOS and NX-OS interfaces) removes the attack surface on that port.