CVE-2020-3118
Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability
In short
A flaw in Cisco IOS XR's Cisco Discovery Protocol allows an attacker on the same local network to crash the device or run malicious code by sending a specially crafted network packet. This happens because the software doesn't properly check the content of certain fields in these protocol messages.
Technical detail
A format string vulnerability in the CDP implementation of Cisco IOS XR Software allows an unauthenticated, Layer 2 adjacent attacker to trigger a stack overflow by sending malicious CDP packets, because string input in certain message fields is not properly validated. Successful exploitation permits arbitrary code execution with administrative privileges, or a device reload. The attacker must be in the same broadcast domain as the device, but no authentication is required.
Summary generated and translated by AI from the official description.
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
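The bug class described above, shown from the defensive side as an added example; it is not Cisco's code and not part of the official description. It assumes standard CDP framing (a 4-byte header followed by TLVs with a 2-byte type and a 2-byte length that includes the TLV header); `cdp_scan`, `log_field` and the sample payloads are constructed here, and because the page does not say which fields are affected, every TLV value is checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDP_HDR 4 /* version(1) + TTL(1) + checksum(2) */
#define TLV_HDR 4 /* type(2) + length(2); length counts this header */

/* Constructed sample payloads, not captured traffic. */
const uint8_t SAMPLE_PLAIN[] = {2,180,0,0, 0,1,0,10, 'r','o','u','t','e','r'};
const uint8_t SAMPLE_PCT[]   = {2,180,0,0, 0,1,0,10, 'l','a','b','%','d','1'};
const uint8_t SAMPLE_BAD[]   = {2,180,0,0, 0,1,0,99, 'x'};

/* Render an untrusted value as data only: "%.*s" bounds the read, snprintf the
 * write. The bug class is the reverse: the value passed as the format itself. */
static int log_field(char *out, size_t n, unsigned type,
                     const uint8_t *val, size_t vlen)
{
    return snprintf(out, n, "tlv 0x%04x: %.*s", type, (int)vlen,
                    (const char *)val);
}

/* Hypothetical helper: walk one CDP payload's TLVs. Returns how many values
 * contain '%', or -1 on malformed framing; the last hit is written to log. */
int cdp_scan(const uint8_t *p, size_t len, char *log, size_t logsz)
{
    int flagged = 0;
    size_t off = CDP_HDR;
    if (len < CDP_HDR) return -1;
    while (off < len) {
        if (len - off < TLV_HDR) return -1;
        unsigned type = (unsigned)p[off] << 8 | p[off + 1];
        size_t tlen = (size_t)p[off + 2] << 8 | p[off + 3];
        if (tlen < TLV_HDR || tlen > len - off)
            return -1; /* declared length disagrees with the buffer */
        if (memchr(p + off + TLV_HDR, '%', tlen - TLV_HDR) != NULL) {
            flagged++;
            log_field(log, logsz, type, p + off + TLV_HDR, tlen - TLV_HDR);
        }
        off += tlen;
    }
    return flagged;
}

int main(void)
{
    char log[64] = "";
    printf("%d %s\n", cdp_scan(SAMPLE_PCT, sizeof SAMPLE_PCT, log, sizeof log), log);
    return 0;
}
```

A '%' in a neighbor-supplied string is not proof of an attack, only a value worth reviewing; the durable fix is the constant format string in `log_field`.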
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.