Security News > 2020 > February > Critical Cisco ‘CDPwn’ Protocol Flaws Explained: Podcast
Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol, the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment.
Every device, Cisco device, sends packets from time to time saying, 'Hi, my IP address is this, My name is this, my operating system is this' and all kinds of information and they collect the Cisco devices' information about one another, about their neighbors.
Then when you have all kinds of Cisco management products, you're able to view all the Cisco devices in your network.
So you asked about the wide array of devices impacted by this and that's true; you find this in the Cisco switches and routers; IP phones from Cisco; and these are devices that have a complete hold on the market in these fields.
BS: Yeah so actually, what piqued our interest for looking into this was a Cisco security advisory published around two years ago, that detailed some vulnerabilities that they found in LDP, which is another Discovery Protocol - not CDP protocol - but another Discovery Protocol, pretty similar to CDP. And this advisory mentioned that Cisco found some bugs that could lead to denial of service in a wider array of devices.
News URL
https://threatpost.com/behind-cdpwn-discovering-critical-cisco-protocol-flaws/152530/
Related news
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)