Vulnerabilities > CVE-2020-3120 - Integer Overflow or Wraparound vulnerability in Cisco products
Summary
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family CISCO NASL id CISCO-SA-20200205-NXOS-CDP-DOS.NASL description According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service vulnerability within the Cisco Discovery Protocol due to missing a check when processing protocol messages. An unauthenticated, adjacent attacker can exploit this to cause the device to reboot. Please see the included Cisco BIDs and Cisco Security Advisory for more information last seen 2020-06-05 modified 2020-02-14 plugin id 133722 published 2020-02-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133722 title Cisco NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos) code #TRUSTED 58a142931319cdf5a093a0d0866c685c9c011c33d42151ccdc4217b0873c9a510dfa8a070f17ff0bad1196dd8e4d31a2e1415cb223d9547be3166823c0499da452581431e7e7ea6271f1c605d21e03cc94f3ad6b2a8746a19f99236f179d35e1eb1f1d9575e0dcb7c7ed1e724bbaa97a2c11e66bc0e408af308a18826a8ce783611cbc70899f8b5e923c0a6a2cd06dd30c347115f6cc4b62ce63efac9375093acd2c78e9ff876a6f0e992d8567dd890e36a4cefad9749374e6629e77d0f9bdd19d7523d38773bd64ff512fb73beb63e02a9469d0e84066b864f1a1acc1baa281ad6b45cdffcea1d4e762a4e9df03d8aead9a511d45ecfd92e7f4200ef85d38f32568795aed919fa0c438f0868ff1b19be86d8a58cf2dc536952cdd850cb83fad4081d862593e48d73df4159c3ed1ae3d77bc878d6817e8fe74a2b316e4e717078184bcfa325455c502e6559dd3015070206db306628dc413ca1e0d6773408fd2e63ce58a3bc45762871c7d44d09793c102aac8f5f87927354f6be6723b8b0d3a0327e723db65a7b0d925e4d307df45de40bb4765ef61b5e4dfec4ee121584a68894fa973f47bdb931e5de8918a7ca2c69d5c7e768c2a1d290084c59eddbc56a19eb6c936645d33af980873fa6d575b477e360a190f932b147dd9a908d322dfb2c373cf3df155e291d02c8f5871575b35bdff692ffab29614943b8ace7eaf0c2a # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133722); script_version("1.14"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2020-3120"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr14976"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr15072"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr15073"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr15078"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr15079"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr15082"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr15111"); script_xref(name:"CISCO-SA", value:"cisco-sa-20200205-fxnxos-iosxr-cdp-dos"); script_xref(name:"IAVA", value:"2020-A-0059"); script_name(english:"Cisco NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service vulnerability within the Cisco Discovery Protocol due to missing a check when processing protocol messages. An unauthenticated, adjacent attacker can exploit this to cause the device to reboot. Please see the included Cisco BIDs and Cisco Security Advisory for more information"); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3303b2ba"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr14976"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15072"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15073"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15078"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15079"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15082"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15111"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvr14976, CSCvr15072, CSCvr15073, CSCvr15078, CSCvr15079, CSCvr15082, and CSCvr15111."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3120"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/14"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_nxos_version.nasl", "cisco_enum_smu.nasl"); script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device"); exit(0); } include('audit.inc'); include('cisco_workarounds.inc'); include('ccf.inc'); product_info = cisco::get_product_info(name:'Cisco NX-OS Software'); cbi = ''; if ('Nexus' >< product_info.device) { if (product_info.model =~ "^10[0-9][0-9]V") cbi = 'CSCvr15078'; if (product_info.model =~ "^10[0-9][0-9]" && 'SV' >< toupper(product_info.model)) cbi = 'CSCvr15078'; if (product_info.model =~ "^3[0-9]{3}") { cbi = 'CSCvr14976'; smus['7.0(3)I7(5a)'] = 'CSCvr09175-n9k_ALL-1.0.0'; smus['7.0(3)I7(6)'] = 'CSCvr09175-n9k_ALL-1.0.0'; smus['7.0(3)I7(7)'] = 'CSCvr09175-n9k_ALL-1.0.0'; } if (product_info.model =~ "^9[0-9]{3}") { cbi = 'CSCvr14976, CSCvr15072'; smus['7.0(3)I7(5a)'] = 'CSCvr09175-n9k_ALL-1.0.0'; smus['7.0(3)I7(6)'] = 'CSCvr09175-n9k_ALL-1.0.0'; smus['7.0(3)I7(7)'] = 'CSCvr09175-n9k_ALL-1.0.0'; } if (product_info.model =~ "^(5[56]|60)[0-9][0-9]") cbi = 'CSCvr15079'; if (product_info.model =~ "^70[0-9][0-9]") { cbi = 'CSCvr15073'; smus['8.4(1)'] = 'CSCvs27997'; } } else if ('UCS' >< product_info.device) { if (product_info.model =~ "^6[234][0-9][0-9]") cbi = 'CSCvr15082, CSCvr15111'; } else if ('MDS' >< product_info.device) { if (product_info.model =~ "^90[0-9][0-9]") cbi = 'CSCvr15073'; } if (empty_or_null(cbi)) audit(AUDIT_HOST_NOT, 'an affected model'); version_list=make_list( '5.0(1a)', '5.0(1b)', '5.0(4)', '5.0(4b)', '5.0(4c)', '5.0(4d)', '5.0(7)', '5.0(8)', '5.0(8a)', '5.2(1)', '5.2(3a)', '5.2(4)', '5.2(5)', '5.2(7)', '5.2(9)', '5.2(3)', '5.2(9a)', '5.2(2)', '5.2(2a)', '5.2(2d)', '5.2(2s)', '5.2(6)', '5.2(6b)', '5.2(8)', '5.2(8a)', '5.2(6a)', '5.2(8b)', '5.2(8c)', '5.2(8d)', '5.2(8e)', '5.2(8f)', '5.2(8g)', '5.2(8h)', '5.2(8i)', '6.1(1)', '6.1(2)', '6.1(3)', '6.1(4)', '6.1(4a)', '6.1(5)', '6.1(5a)', '4.2(1)SV1(4)', '4.2(1)SV1(4a)', '4.2(1)SV1(4b)', '4.2(1)SV1(5.1)', '4.2(1)SV1(5.1a)', '4.2(1)SV1(5.2)', '4.2(1)SV1(5.2b)', '4.2(1)SV2(1.1)', '4.2(1)SV2(1.1a)', '4.2(1)SV2(2.1)', '4.2(1)SV2(2.1a)', '4.2(1)SV2(2.2)', '4.2(1)SV2(2.3)', '5.0(2)N1(1)', '5.0(2)N2(1)', '5.0(2)N2(1a)', '5.0(3)A1(1)', '5.0(3)A1(2)', '5.0(3)A1(2a)', '5.0(3)N1(1c)', '5.0(3)N1(1)', '5.0(3)N1(1a)', '5.0(3)N1(1b)', '5.0(3)N2(1)', '5.0(3)N2(2)', '5.0(3)N2(2a)', '5.0(3)N2(2b)', '5.0(3)U1(1)', '5.0(3)U1(1a)', '5.0(3)U1(1b)', '5.0(3)U1(1d)', '5.0(3)U1(2)', '5.0(3)U1(2a)', '5.0(3)U1(1c)', '5.0(3)U2(1)', '5.0(3)U2(2)', '5.0(3)U2(2a)', '5.0(3)U2(2b)', '5.0(3)U2(2c)', '5.0(3)U2(2d)', '5.0(3)U3(1)', '5.0(3)U3(2)', '5.0(3)U3(2a)', '5.0(3)U3(2b)', '5.0(3)U4(1)', '5.0(3)U5(1)', '5.0(3)U5(1a)', '5.0(3)U5(1b)', '5.0(3)U5(1c)', '5.0(3)U5(1d)', '5.0(3)U5(1e)', '5.0(3)U5(1f)', '5.0(3)U5(1g)', '5.0(3)U5(1h)', '5.0(3)U5(1i)', '5.0(3)U5(1j)', '5.1(3)N1(1)', '5.1(3)N1(1a)', '5.1(3)N2(1)', '5.1(3)N2(1a)', '5.1(3)N2(1b)', '5.1(3)N2(1c)', '5.2(1)N1(1)', '5.2(1)N1(1a)', '5.2(1)N1(1b)', '5.2(1)N1(2)', '5.2(1)N1(2a)', '5.2(1)N1(3)', '5.2(1)N1(4)', '5.2(1)N1(5)', '5.2(1)N1(6)', '5.2(1)N1(7)', '5.2(1)N1(8a)', '5.2(1)N1(8)', '5.2(1)N1(8b)', '5.2(1)N1(9)', '5.2(1)N1(9a)', '5.2(1)N1(9b)', '5.2(1)SM1(5.1)', '5.2(1)SM1(5.2)', '5.2(1)SM1(5.2a)', '5.2(1)SM1(5.2b)', '5.2(1)SM1(5.2c)', '5.2(1)SM3(1.1)', '5.2(1)SM3(1.1a)', '5.2(1)SM3(1.1b)', '5.2(1)SM3(1.1c)', '5.2(1)SM3(2.1)', '5.2(1)SV3(1.4)', '5.2(1)SV3(1.1)', '5.2(1)SV3(1.3)', '5.2(1)SV3(1.5a)', '5.2(1)SV3(1.5b)', '5.2(1)SV3(1.6)', '5.2(1)SV3(1.10)', '5.2(1)SV3(1.15)', '5.2(1)SV3(2.1)', '5.2(1)SV3(2.5)', '5.2(1)SV3(2.8)', '5.2(1)SV3(3.1)', '5.2(1)SV3(1.2)', '5.2(1)SV3(1.4b)', '5.2(1)SV3(3.15)', '5.2(1)SV3(4.1)', '5.2(1)SV3(4.1a)', '6.0(2)A1(1)', '6.0(2)A1(1a)', '6.0(2)A1(1b)', '6.0(2)A1(1c)', '6.0(2)A1(1d)', '6.0(2)A1(1e)', '6.0(2)A1(1f)', '6.0(2)A1(2d)', '6.0(2)A3(1)', '6.0(2)A3(2)', '6.0(2)A3(4)', '6.0(2)A4(1)', '6.0(2)A4(2)', '6.0(2)A4(3)', '6.0(2)A4(4)', '6.0(2)A4(5)', '6.0(2)A4(6)', '6.0(2)A6(1)', '6.0(2)A6(1a)', '6.0(2)A6(2)', '6.0(2)A6(2a)', '6.0(2)A6(3)', '6.0(2)A6(3a)', '6.0(2)A6(4)', '6.0(2)A6(4a)', '6.0(2)A6(5)', '6.0(2)A6(5a)', '6.0(2)A6(5b)', '6.0(2)A6(6)', '6.0(2)A6(7)', '6.0(2)A6(8)', '6.0(2)A7(1)', '6.0(2)A7(1a)', '6.0(2)A7(2)', '6.0(2)A7(2a)', '6.0(2)A8(1)', '6.0(2)A8(2)', '6.0(2)A8(3)', '6.0(2)A8(4)', '6.0(2)A8(4a)', '6.0(2)A8(5)', '6.0(2)A8(6)', '6.0(2)A8(7)', '6.0(2)A8(7a)', '6.0(2)A8(7b)', '6.0(2)A8(8)', '6.0(2)A8(9)', '6.0(2)A8(10a)', '6.0(2)A8(10)', '6.0(2)A8(11)', '6.0(2)A8(11a)', '6.0(2)A8(11b)', '6.0(2)N1(1)', '6.0(2)N1(2)', '6.0(2)N1(2a)', '6.0(2)N1(1a)', '6.0(2)N2(1)', '6.0(2)N2(1b)', '6.0(2)N2(2)', '6.0(2)N2(3)', '6.0(2)N2(4)', '6.0(2)N2(5)', '6.0(2)N2(5a)', '6.0(2)N2(6)', '6.0(2)N2(7)', '6.0(2)N2(5b)', '6.0(2)U1(1)', '6.0(2)U1(2)', '6.0(2)U1(1a)', '6.0(2)U1(3)', '6.0(2)U1(4)', '6.0(2)U2(1)', '6.0(2)U2(2)', '6.0(2)U2(3)', '6.0(2)U2(4)', '6.0(2)U2(5)', '6.0(2)U2(6)', '6.0(2)U3(1)', '6.0(2)U3(2)', '6.0(2)U3(3)', '6.0(2)U3(4)', '6.0(2)U3(5)', '6.0(2)U3(6)', '6.0(2)U3(7)', '6.0(2)U3(8)', '6.0(2)U3(9)', '6.0(2)U4(1)', '6.0(2)U4(2)', '6.0(2)U4(3)', '6.0(2)U4(4)', '6.0(2)U5(1)', '6.0(2)U5(2)', '6.0(2)U5(3)', '6.0(2)U5(4)', '6.0(2)U6(1)', '6.0(2)U6(2)', '6.0(2)U6(3)', '6.0(2)U6(4)', '6.0(2)U6(5)', '6.0(2)U6(6)', '6.0(2)U6(7)', '6.0(2)U6(8)', '6.0(2)U6(1a)', '6.0(2)U6(2a)', '6.0(2)U6(3a)', '6.0(2)U6(4a)', '6.0(2)U6(5a)', '6.0(2)U6(5b)', '6.0(2)U6(5c)', '6.0(2)U6(9)', '6.0(2)U6(10)', '6.1(2)I1(3)', '6.1(2)I1(2)', '6.1(2)I2(1)', '6.1(2)I2(2)', '6.1(2)I2(2a)', '6.1(2)I2(3)', '6.1(2)I2(2b)', '6.1(2)I3(1)', '6.1(2)I3(2)', '6.1(2)I3(3)', '6.1(2)I3(4)', '6.1(2)I3(3a)', '6.1(2)I3(4a)', '6.1(2)I3(4b)', '6.1(2)I3(4c)', '6.1(2)I3(4d)', '6.1(2)I3(4e)', '6.1(2)I3(5)', '6.1(2)I3(5a)', '6.1(2)I3(5b)', '6.2(2)', '6.2(2a)', '6.2(6)', '6.2(6b)', '6.2(8)', '6.2(8a)', '6.2(8b)', '6.2(10)', '6.2(12)', '6.2(18)', '6.2(16)', '6.2(14b)', '6.2(14)', '6.2(14a)', '6.2(6a)', '6.2(20)', '6.2(1)', '6.2(3)', '6.2(5)', '6.2(5a)', '6.2(5b)', '6.2(7)', '6.2(9)', '6.2(9a)', '6.2(9b)', '6.2(9c)', '6.2(11)', '6.2(11b)', '6.2(11c)', '6.2(11d)', '6.2(11e)', '6.2(13)', '6.2(13a)', '6.2(13b)', '6.2(15)', '6.2(17)', '6.2(19)', '6.2(21)', '6.2(23)', '6.2(20a)', '6.2(25)', '6.2(17a)', '6.2(22)', '6.2(27)', '7.0(0)N1(1)', '7.0(1)N1(1)', '7.0(2)N1(1)', '7.0(3)F1(1)', '7.0(3)F2(1)', '7.0(3)F2(2)', '7.0(3)F3(1)', '7.0(3)F3(2)', '7.0(3)F3(3)', '7.0(3)F3(3a)', '7.0(3)F3(4)', '7.0(3)F3(3c)', '7.0(3)F3(5)', '7.0(3)I1(1)', '7.0(3)I1(1a)', '7.0(3)I1(1b)', '7.0(3)I1(2)', '7.0(3)I1(3)', '7.0(3)I1(3a)', '7.0(3)I1(3b)', '7.0(3)I1(1z)', '7.0(3)I2(2a)', '7.0(3)I2(2b)', '7.0(3)I2(2c)', '7.0(3)I2(2d)', '7.0(3)I2(2e)', '7.0(3)I2(3)', '7.0(3)I2(4)', '7.0(3)I2(5)', '7.0(3)I2(1)', '7.0(3)I2(1a)', '7.0(3)I2(2)', '7.0(3)I2(2r)', '7.0(3)I2(2s)', '7.0(3)I2(2v)', '7.0(3)I2(2w)', '7.0(3)I2(2x)', '7.0(3)I2(2y)', '7.0(3)I3(1)', '7.0(3)I4(1)', '7.0(3)I4(2)', '7.0(3)I4(3)', '7.0(3)I4(4)', '7.0(3)I4(5)', '7.0(3)I4(6)', '7.0(3)I4(7)', '7.0(3)I4(8)', '7.0(3)I4(8a)', '7.0(3)I4(8b)', '7.0(3)I4(8z)', '7.0(3)I4(1t)', '7.0(3)I4(6t)', '7.0(3)I4(9)', '7.0(3)I5(1)', '7.0(3)I5(2)', '7.0(3)I5(3)', '7.0(3)I5(3a)', '7.0(3)I5(3b)', '7.0(3)I6(1)', '7.0(3)I6(2)', '7.0(3)I7(1)', '7.0(3)I7(2)', '7.0(3)I7(3)', '7.0(3)I7(4)', '7.0(3)I7(5)', '7.0(3)I7(5a)', '7.0(3)I7(3z)', '7.0(3)I7(6)', '7.0(3)I7(6z)', '7.0(3)I7(7)', '7.0(3)IX1(2)', '7.0(3)IX1(2a)', '7.0(3)N1(1)', '7.0(4)N1(1)', '7.0(4)N1(1a)', '7.0(5)N1(1)', '7.0(5)N1(1a)', '7.0(6)N1(1)', '7.0(6)N1(4s)', '7.0(6)N1(3s)', '7.0(6)N1(2s)', '7.0(7)N1(1)', '7.0(7)N1(1b)', '7.0(7)N1(1a)', '7.0(8)N1(1)', '7.0(8)N1(1a)', '7.1(0)N1(1a)', '7.1(0)N1(1b)', '7.1(0)N1(1)', '7.1(1)N1(1)', '7.1(1)N1(1a)', '7.1(2)N1(1)', '7.1(2)N1(1a)', '7.1(3)N1(1)', '7.1(3)N1(2)', '7.1(3)N1(5)', '7.1(3)N1(4)', '7.1(3)N1(3)', '7.1(3)N1(2a)', '7.1(4)N1(1)', '7.1(4)N1(1d)', '7.1(4)N1(1c)', '7.1(4)N1(1a)', '7.1(5)N1(1)', '7.1(5)N1(1b)', '7.2(0)D1(1)', '7.2(0)N1(1)', '7.2(1)D1(1)', '7.2(1)N1(1)', '7.2(2)D1(2)', '7.2(2)D1(1)', '7.2(2)D1(3)', '7.2(2)D1(4)', '7.3(0)D1(1)', '7.3(0)DX(1)', '7.3(0)DY(1)', '7.3(0)N1(1)', '7.3(0)N1(1b)', '7.3(0)N1(1a)', '7.3(1)D1(1)', '7.3(1)DY(1)', '7.3(1)N1(1)', '7.3(2)D1(1)', '7.3(2)D1(2)', '7.3(2)D1(3)', '7.3(2)D1(3a)', '7.3(2)D1(1d)', '7.3(2)N1(1)', '7.3(2)N1(1b)', '7.3(2)N1(1c)', '7.3(3)N1(1)', '8.0(1)', '8.1(1)', '8.1(2)', '8.1(2a)', '8.1(1a)', '8.1(1b)', '8.2(1)', '8.2(2)', '8.2(3)', '8.2(4)', '8.3(1)', '8.3(2)', '9.2(1)', '9.2(2)', '9.2(2t)', '9.2(3)', '9.2(3y)', '9.2(4)', '9.2(2v)', '7.3(4)N1(1)', '7.3(4)N1(1a)', '7.3(3)D1(1)', '7.0(3)IA7(1)', '7.0(3)IA7(2)', '7.0(3)IC4(4)', '7.0(3)IM3(1)', '7.0(3)IM3(2)', '7.0(3)IM3(2a)', '7.0(3)IM3(2b)', '7.0(3)IM3(3)', '7.0(3)IM7(2)', '7.3(4)D1(1)', '7.3(5)N1(1)', '5.2(1)SK3(1.1)', '5.2(1)SK3(2.1)', '5.2(1)SK3(2.2)', '5.2(1)SK3(2.2b)', '5.2(1)SK3(2.1a)', '5.2(1)SV5(1.1)', '5.2(1)SV5(1.2)', '8.4(1)', '9.3(1)', '9.3(1z)' ); workarounds = make_list(CISCO_WORKAROUNDS['nxos_cdp']); workaround_params = make_list(); reporting = make_array( 'port' , 0, 'severity' , SECURITY_HOLE, 'version' , product_info.version, 'bug_id' , cbi ); cisco::check_and_report( product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list, switch_only:TRUE, smus:smus );
NASL family CISCO NASL id CISCO-SA-20200205-FXOS-CDP-DOS.NASL description According to its self-reported version, Cisco FXOS Software is affected by a denial of service vulnerability within the Cisco Discovery Protocol due to missing a check when processing protocol messages. An unauthenticated, adjacent attacker can exploit this to cause the device to reboot. Please see the included Cisco BIDs and Cisco Security Advisory for more information last seen 2020-03-17 modified 2020-02-14 plugin id 133720 published 2020-02-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133720 title Cisco FXOS Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos) code #TRUSTED 6169d38be1654233a704ae15844de0a33fc833764be3c32264d3b8750905b30e59db1172d2012e54fc1ee7f2dfa974f0ffada0de60d98b67b8a69946c549d9209e19e27c1d1172af336838fe331eeb8f0f6417b6eed4a4357ffb4400846e208f20710f5e9360009acf5225f84b1e6d69fe85af305de147f29a5db4fa351d7201cf20091126a695ec9c3d1dbd5a8b5ca4c2f64ed1e12268eca1ecc597cfbf6e6275224dc8944fd5ce0b8a4b5531094ade73e20eac5c9da970ba64ff0d685636cbb40c67fbbfc23f98c9cde80a8f966a9166c4cba346d3b77e2f4d350d19c1910c7f0488b7cac08b849c69ad87f03e89eda7d1ed82bf6daf2714d5d23d114569a81217348daa349749704c06a70f5ca08ad6054bd945ce1a0a13b95d2d29c9591c7145a4a8ab429ab09403b37e80a0a9b0b02e4069ad18e02a4bb1fd8fff00ea0dd70b3fbd17b8bfd98a2340cdfac4890b7883c4e5ce05f25cbac37e3a3ccf30ac8caeebcb22ec9c9ca8f6990ea04836dee1319629b8e8b8c2d6e1e61e524276cd0dd21ac0ebe1649e3e1943e14b65ee3ec37eb33420935c2eafa1ae3f9f06accf1983db322cf5601c0f2314247d3f3bad61a03f9bfd23250e6832eaf41c52c4a8ebb9190e22037f253eb18273580a5c9b13781d0a6dc72f86bd9f43ba0610644e3230b7b700ead540fbb29cf5de2955186eb15919e652a2c0c7d7a023b0b9b3dd # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133720); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/18"); script_cve_id("CVE-2020-3120"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr15083"); script_xref(name:"CISCO-SA", value:"cisco-sa-20200205-fxnxos-iosxr-cdp-dos"); script_xref(name:"IAVA", value:"2020-A-0059"); script_name(english:"Cisco FXOS Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, Cisco FXOS Software is affected by a denial of service vulnerability within the Cisco Discovery Protocol due to missing a check when processing protocol messages. An unauthenticated, adjacent attacker can exploit this to cause the device to reboot. Please see the included Cisco BIDs and Cisco Security Advisory for more information"); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3303b2ba"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15083"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvr15083."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3120"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:fxos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_enumerate_firepower.nbin", "cisco_asa_firepower_version.nasl"); script_require_keys("installed_sw/FXOS"); exit(0); } include('vcf.inc'); include('audit.inc'); include('cisco_workarounds.inc'); include('ccf.inc'); app_info = vcf::get_app_info(app:'FXOS'); product_info = make_array('model' , app_info['Model'], 'version' , app_info['version'], 'name', 'FXOS'); if( isnull(product_info['model']) || product_info['model'] !~ "^(41|93)[0-9]{2}$" ) audit(AUDIT_HOST_NOT, 'affected'); vuln_ranges = [ {'min_ver' : '0.0', 'fix_ver': '2.3.1.173'}, {'min_ver' : '2.4', 'fix_ver': '2.5'}, {'min_ver' : '2.6', 'fix_ver': '2.6.1.187'}, {'min_ver' : '2.7', 'fix_ver': '2.7.1.106'} ]; workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']); workaround_params = make_list(); reporting = make_array( 'port' , 0, 'severity' , SECURITY_HOLE, 'version' , product_info['version'], 'bug_id' , 'CSCvr15083' ); cisco::check_and_report( product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_ranges:vuln_ranges );
NASL family CISCO NASL id CISCO-SA-20200205-IOSXR-CDP-DOS.NASL description According to its self-reported version, the Cisco IOS XR Software is affected by a denial of service vulnerability within the Cisco Discovery Protocol due to missing a check when processing protocol messages. An unauthenticated, adjacent attacker can exploit this to cause the device to reboot. Please see the included Cisco BIDs and Cisco Security Advisory for more information last seen 2020-05-21 modified 2020-02-14 plugin id 133721 published 2020-02-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133721 title Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos) code #TRUSTED 9f0394639ca4d55d086f9992c71ee96acd0d842594126cd69dbcb9c19a1f1f56f08ef9d0a3331efeacd7db03ad632e0ec677306c1ac712695ab4fba8505fd4a2c96b40d1060ba4e8283d1ee808f77c209e37b5487b25f70a569dd3f3ff5707c25fd6675302f33d9a731e60024131b51986738f3323cf0a33433391928eb0d634aa56ace9b707d54c1079dee2108df288918a65c8353430d868d328262e5b5c9add5596456c3a6cc9219cd8a543c005463009b29e4af9886e6f7985a6c0bf6df8df2b1e3d7106ca47546113da78d2b71347518304c15371ddca459f05074bb92ee92c103c1442fe6071166c2b9c4ed7f8f2b7ee305a0d325cae05006394a0ee9cb53c90bd73372421fdc93dd83440227bce9b28e0a0dcbc4c8b68b40667076eca8552a69515426974c5a5bd2084a19b2570978ba55eb2957972c06e65a306c34a0e70a264fed55f8c2c32773a28d8e71ee4db9960f7b58ff734ca3c935c3589db4abb6577439d780deac720736a6d820240b0a1d181f1964d7f11c1ee28f9cef29699a9c5d44768d4bd351f642e5e67a31e7d753f2fec771cafb8178ef8f602e4190e144c1c17543fc48573885afb3cfa06f2a038a4b819706bd179a8e5bcef3bd87b9d4e237742c1d0e785c5dcb3019a1fb56b8923860b95b0bf679073dae22725a3b9dce2ac4d144269f91f580bbe5e1c18cb1379ffb83d7ae731a3b89825ff # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133721); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20"); script_cve_id("CVE-2020-3120"); script_xref(name:"CISCO-BUG-ID", value:"CSCvr15024"); script_xref(name:"CISCO-SA", value:"cisco-sa-20200205-fxnxos-iosxr-cdp-dos"); script_xref(name:"IAVA", value:"2020-A-0059"); script_name(english:"Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, the Cisco IOS XR Software is affected by a denial of service vulnerability within the Cisco Discovery Protocol due to missing a check when processing protocol messages. An unauthenticated, adjacent attacker can exploit this to cause the device to reboot. Please see the included Cisco BIDs and Cisco Security Advisory for more information"); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3303b2ba"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15024"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvr15024."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3120"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_xr_version.nasl", "cisco_enum_smu.nasl"); script_require_keys("Host/Cisco/IOS-XR/Version"); exit(0); } include('audit.inc'); include('cisco_workarounds.inc'); include('ccf.inc'); product_info = cisco::get_product_info(name:'Cisco IOS XR'); model = get_kb_item('CISCO/model'); if (empty_or_null(model)) model = product_info['model']; model = toupper(model); if ('ASR9' >< model && 'X64' >!< model) { smus['6.4.2'] = 'CSCvr78185'; smus['6.5.3'] = 'CSCvr78185'; } else if ('ASR9' >< model) { smus['6.5.3'] = 'CSCvr78185'; } else if ('NCS5500' >< model) { smus['6.5.3'] = 'CSCvr78185'; } else if ('NCS540' >< model && 'L' >!< model) { smus['6.5.3'] = 'CSCvr78185'; } else if ('NCS6' >< model) { smus['5.2.5'] = 'CSCvr78185'; } else if ('XRV9' >< model || 'XRV 9' >< model) { smus['6.6.2'] = 'CSCvr78185'; } else if ('NCS560' >< model) { smus['6.6.25'] = 'CSCvr78185'; } else if ('CRS-PX' >< model) { smus['6.4.2'] = 'CSCvr78185'; } else if ('NCS5k' >< model) { smus['6.5.3'] = 'CSCvr78185'; } else if ('White box' >< model) { smus['6.6.12'] = 'CSCvr78185'; } else if ('NCS540L' >< model) { smus['7.0.1'] = 'CSCvr78185'; } vuln_ranges = [ {'min_ver' : '0', 'fix_ver' : '6.6.3'}, {'min_ver' : '6.6.12', 'fix_ver' : '6.6.13'}, {'min_ver' : '6.6.25', 'fix_ver' : '6.6.26'}, {'min_ver' : '7.0.0', 'fix_ver' : '7.0.2'} ]; workarounds = make_list(CISCO_WORKAROUNDS['cdp']); workaround_params = make_list(); reporting = make_array( 'port' , 0, 'severity' , SECURITY_HOLE, 'version' , product_info['version'], 'bug_id' , 'CSCvr15024' ); cisco::check_and_report( product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_ranges:vuln_ranges, smus:smus, router_only:TRUE );
The Hacker News
id | THN:A3840EA7CD9A7AFC6440CDAED21F07D8 |
last seen | 2020-02-05 |
modified | 2020-02-05 |
published | 2020-02-05 |
reporter | The Hacker News |
source | https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html |
title | 5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras |
References
- http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
- http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos