Vulnerabilities > CVE-2020-3118 - Out-of-bounds Write vulnerability in Cisco IOS XR

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

cisco

CWE-787

nessus

NVD

Published: 2020-02-05

Updated: 2022-12-23

Summary

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XR 7.0.0 Cisco IOS XR 7.0.1 Cisco IOS XR 6.6.0 Cisco IOS XR 6.6.1 Cisco IOS XR 6.6.2 Cisco IOS XR 6.6.3 Cisco IOS XR 6.6.4 Cisco IOS XR 6.5.3 Cisco IOS XR 5.2.5 Cisco IOS XR 6.4.2 Cisco IOS XR 6.6.25	13
Hardware	Cisco Cisco ASR 9000V - Cisco ASR 9001 - Cisco ASR 9006 - Cisco ASR 9010 - Cisco ASR 9901 - Cisco ASR 9904 - Cisco ASR 9906 - Cisco ASR 9910 - Cisco ASR 9912 - Cisco ASR 9922 - Cisco NCS 540 12Z20G SYS A - Cisco NCS 540 12Z20G SYS D - Cisco NCS 540 24Z8Q2C SYS - Cisco NCS 540 28Z4C SYS A - Cisco NCS 540 28Z4C SYS D - Cisco NCS 540 ACC SYS - Cisco NCS 540X 12Z16G SYS A - Cisco NCS 540X 12Z16G SYS D - Cisco NCS 540X 16Z4G8Q2C A - Cisco NCS 540X 16Z4G8Q2C D - Cisco NCS 540X ACC SYS - Cisco NCS 5501 - Cisco NCS 5501 SE - Cisco NCS 5502 - Cisco NCS 5502 SE - Cisco NCS 5508 - Cisco NCS 5516 - Cisco XRV 9000 - Cisco NCS 6000 - Cisco NCS 6008 - Cisco ASR 9000 - Cisco ASR 9903 - Cisco ASR 9920 - Cisco CRS X - Cisco NCS 560 - Cisco NCS 540L -	36

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20200205-IOSXR-CDP-RCE.NASL
description	According to its self-reported version, the Cisco IOS XR Software is affected by a remote code execution vulnerability within the Cisco Discovery Protocol due to improper validation of string input. An unauthenticated, adjacent attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. Please see the included Cisco BIDs and Cisco Security Advisory for more information
last seen	2020-05-21
modified	2020-02-10
plugin id	133603
published	2020-02-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133603
title	Cisco IOS XR Software Cisco Discovery Protocol Remote Code Execution Vulnerability (cisco-sa-20200205-iosxr-cdp-rce)

The Hacker News

id	THN:A3840EA7CD9A7AFC6440CDAED21F07D8
last seen	2020-02-05
modified	2020-02-05
published	2020-02-05
reporter	The Hacker News
source	https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html
title	5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras

Vulnerabilities > CVE-2020-3118 - Out-of-bounds Write vulnerability in Cisco IOS XR

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

The Hacker News

Related news

References