CVE-2020-3118
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Public Exploits: 0
Exploited in Wild: Yes
Descriptions
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.
SSVC
- Decision: Act
Timeline
- 2019-12-12 CVE Reserved
- 2020-02-05 CVE Published
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2023-03-07 EPSS Updated
- 2024-11-08 CVE Updated
- ---------- First Exploit
CWE
- CWE-134: Use of Externally-Controlled Format String
- CWE-787: Out-of-bounds Write
References (2)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9000v | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9001 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9006 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9010 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9901 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9904 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9906 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9910 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9912 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Asr 9922 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540-12z20g-sys-a | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540-12z20g-sys-d | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540-24z8q2c-sys | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540-28z4c-sys-a | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540-28z4c-sys-d | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540-acc-sys | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540x-12z16g-sys-a | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540x-12z16g-sys-d | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540x-16z4g8q2c-a | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540x-16z4g8q2c-d | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 540x-acc-sys | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 5501 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 5501-se | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 5502 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 5502-se | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 5508 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Ncs 5516 | - | - | Safe |
Cisco | Ios Xr | 6.5.3 | - | Affected | in | Cisco | Xrv 9000 | - | - | Safe |
Cisco | Ios Xr | 5.2.5 | - | Affected | in | Cisco | Ncs 6000 | - | - | Safe |
Cisco | Ios Xr | 5.2.5 | - | Affected | in | Cisco | Ncs 6008 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9000 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9000v | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9001 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9006 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9010 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9901 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9903 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9904 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9906 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9910 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9912 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9920 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Asr 9922 | - | - | Safe |
Cisco | Ios Xr | 6.4.2 | - | Affected | in | Cisco | Crs-x | - | - | Safe |
Cisco | Ios Xr | 6.6.25 | - | Affected | in | Cisco | Ncs 560 | - | - | Safe |
Cisco | Ios Xr | 7.0.1 | - | Affected | in | Cisco | Ncs 540l | - | - | Safe |
Cisco | Ios Xr | >= 6.6.0 < 6.6.12 | - | Affected | | | | | | |
Cisco | Ios Xr | >= 7.0.0 < 7.0.2 | - | Affected | | | | | | |