Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Published: 2020-02-05
Updated: 2024-11-21
Summary
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Vulnerable Configurations
Part | Description | Count |
OS | Cisco | 17 |
Hardware | Cisco | 36 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20200205-IOSXR-CDP-RCE.NASL |
description | According to its self-reported version, the Cisco IOS XR Software is affected by a remote code execution vulnerability within the Cisco Discovery Protocol due to improper validation of string input. An unauthenticated, adjacent attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. Please see the included Cisco BIDs and Cisco Security Advisory for more information |
last seen | 2020-05-21 |
modified | 2020-02-10 |
plugin id | 133603 |
published | 2020-02-10 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133603 |
title | Cisco IOS XR Software Cisco Discovery Protocol Remote Code Execution Vulnerability (cisco-sa-20200205-iosxr-cdp-rce) |