Security News > 2020 > February > CDPwn vulnerabilities open millions of Cisco enterprise devices to attack
If you have Cisco equipment in your enterprise network - and chances are good that you have - you should check immediately which devices are affected by the newly revealed CDPwn vulnerabilities in Cisco's proprietary device discovery protocol and implement patches as soon as possible.
"Different models of devices that run Cisco FXOS Software, Cisco IP Camera Firmware, Cisco IP Phone Firmware, Cisco NX-OS Software, Cisco IOS-XR, and Cisco UCS Fabric Interconnects are affected by one or more of these vulnerabilities," a Cisco spokesman told Help Net Security.
Not affected: routers and switches that run Cisco IOS and Cisco IOS-XE Software, and firewalls such as the Cisco ASA, Cisco Firepower 1000 Series, and Cisco Firepower 2100 Series.
All of the flaws affect the Cisco Discovery Protocol - a Layer 2 protocol that runs on Cisco devices and facilitates their management by discovering them, determining how they are configured, and allowing systems using different network-layer protocols to learn about each other.
"A well-known security best practice is to disable Cisco Discovery Protocol on all interfaces that are connected to untrusted networks. Each security advisory provides detailed information on how to determine if Cisco Discovery Protocol is enabled in your device and how to disable it, if applicable," the Cisco spokesman pointed out.
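A passive check for the practice quoted above, as an added example that is not from Help Net Security or Cisco: it recognises Cisco Discovery Protocol frames in captured traffic and lists the devices still advertising on segments you treat as untrusted. The segment labels, device names and sample frames are constructed for illustration.

```python
import struct

# Constants are standard CDP framing; names, sample frames and segment labels are constructed.
CDP_DST_MAC = bytes.fromhex("01000ccccccc")    # multicast address CDP frames are sent to
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")   # LLC/SNAP header: OUI 00:00:0c, PID 0x2000
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id"}

def parse_cdp(frame: bytes):
    """Return CDP fields from an 802.3 frame, or None if it is not CDP."""
    if len(frame) < 26 or frame[:6] != CDP_DST_MAC or frame[14:22] != CDP_SNAP:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    end = min(len(frame), 14 + length)          # ignore Ethernet padding
    info = {"src_mac": frame[6:12].hex(":"), "version": frame[22], "ttl": frame[23]}
    pos = 26                                     # skip version, TTL, checksum
    while pos + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > end:   # length must cover its header and fit
            info["malformed"] = True
            break
        if tlv_type in TLV_NAMES:
            info[TLV_NAMES[tlv_type]] = frame[pos + 4:pos + tlv_len].decode("ascii", "replace")
        pos += tlv_len
    return info

def cdp_on_untrusted(captures, untrusted):
    """List (segment, device_id, port_id) for CDP frames seen on untrusted segments."""
    hits = []
    for segment, frame in captures:
        info = parse_cdp(frame)
        if info and segment in untrusted:
            hits.append((segment, info.get("device_id"), info.get("port_id")))
    return hits

def build_sample(device_id: str, port_id: str) -> bytes:
    """Constructed CDP frame for the demo; the checksum is left as zero."""
    def tlv(t, v):
        return struct.pack("!HH", t, 4 + len(v)) + v
    payload = CDP_SNAP + bytes([2, 180, 0, 0]) + tlv(1, device_id.encode()) + tlv(3, port_id.encode())
    return CDP_DST_MAC + bytes.fromhex("001122334455") + struct.pack("!H", len(payload)) + payload

SAMPLE = [  # constructed captures: (segment label, raw frame)
    ("uplink-isp", build_sample("edge-sw-01", "Ethernet1/1")),
    ("core-1", build_sample("core-sw-02", "Ethernet1/48")),
    ("uplink-isp", bytes.fromhex("ffffffffffff001122334455") + b"\x08\x06" + bytes(46)),
]

if __name__ == "__main__":
    for hit in cdp_on_untrusted(SAMPLE, {"uplink-isp"}):
        print("CDP seen on untrusted segment:", hit)
```

A hit means the named device should have Cisco Discovery Protocol disabled on that interface, using the steps in the relevant Cisco advisory for its platform.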
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/xEVPug7sffQ/