Multiple vulnerabilities in the Cisco Discovery Protocol implementation of Cisco products were recently discovered by the Cisco Product Security Incident Response Team. These vulnerabilities are collectively known as “CDPwn”.
According to Cisco, the Cisco Discovery Protocol “facilitates the management of Cisco devices by discovering these devices, determining how they are configured, and allowing systems using different network-layer protocols to learn about each other.”
The CDPwn vulnerabilities don’t seem to be affecting Cisco ASAs and Firepower devices, but devices that are running IOS or IXOS (i.e. routers and switches).
Currently, there is no known malicious use of the vulnerabilities found. In addition, threat actors must be in the same broadcast domain or subnet as the affected device for the vulnerabilities to be exploited. Therefore, the reported vulnerabilities require an existing foothold within the organization to be successfully exploited. If the protocol is enabled, it could result in remote code execution and denial of service attacks.
Cisco has provided a security advisory for each vulnerability found:
| CVE ID | Cisco Security Advisory | CVSS Base Score |
| CVE-2020-3110 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability | 8.8 |
| CVE-2020-3111 | Cisco Voice over Internet Protocol Phone Remote Code Execution and Denial of Service Vulnerability | 8.8 |
| CVE-2020-3118 | Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability | 8.8 |
| CVE-2020-3119 | Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability | 8.8 |
| CVE-2020-3120 | Cisco FXOS, IOS XR and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability | 7.4 |
Mitigation Strategies
While Cisco has released updates for these vulnerabilities, Herjavec Group recommends implementing the specific patches for any vulnerability found immediately. Herjavec Group’s analysts are working to apply detection and mitigation strategies where appropriate.
For Managed Services customers, our Managed Services team will engage with the appropriate technical contacts in your respective organizations directly to provide alerts, escalations, actions and or reports based on our service agreement with you. If you have questions or concerns, please engage your Herjavec Group account representative directly or contact us.
For more information on these custom alerts, our Managed Security Services SOC Support, Security Engineering Ability, or Incident Response Practice, please connect with us.
Take the first step in transforming your cybersecurity program
Enterprise security teams are adapting to meet evolving business needs. With six global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Cyderes is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.
