Security News > 2020 > October > Chinese Hackers Target Cisco Discovery Protocol Vulnerability
Chinese state-sponsored hackers are targeting a Cisco Discovery Protocol vulnerability that was disclosed earlier this year, the networking giant and the U.S. National Security Agency revealed on Tuesday.
The list includes several vulnerabilities that were not known to have been targeted, including CVE-2020-3118, which impacts Cisco products.
CVE-2020-3118 is one of the five vulnerabilities in the Cisco Discovery Protocol implementation of IOS XR software that were disclosed in February by IoT security firm Armis.
Just as the NSA issued its warning on the vulnerabilities targeted by Chinese hackers, Cisco updated its advisory to inform customers that it received reports earlier this month of attackers attempting to exploit CVE-2020-3118 in the wild.
While it's unclear which Chinese threat actor has targeted the flaw, the group tracked as APT41 is known to have exploited Cisco product vulnerabilities in its attacks.
News URL
Related news
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- Hackers inject malicious JS in Cisco store to steal credit cards, credentials (source)
- Cisco fixes root escalation vulnerability with public exploit code (source)
- Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese hackers use new data theft malware in govt attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2020-3118 | Out-of-bounds Write vulnerability in Cisco IOS XR A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. | 8.8 |