Threat Advisory: Vulnerabilities Found in Cisco Discovery Protocol

February 6, 2020

Multiple vulnerabilities in the Cisco Discovery Protocol implementation of Cisco products were recently discovered by the Cisco Product Security Incident Response Team. These vulnerabilities are collectively known as "CDPwn". 

According to Cisco, the Cisco Discovery Protocol "facilitates the management of Cisco devices by discovering these devices, determining how they are configured, and allowing systems using different network-layer protocols to learn about each other."

The CDPwn vulnerabilities don't seem to be affecting Cisco ASAs and Firepower devices, but devices that are running IOS or IXOS (i.e. routers and switches). 

Currently, there is no known malicious use of the vulnerabilities found. In addition, threat actors must be in the same broadcast domain or subnet as the affected device for the vulnerabilities to be exploited. Therefore, the reported vulnerabilities require an existing foothold within the organization to be successfully exploited. If the protocol is enabled, it could result in remote code execution and denial of service attacks.

Cisco has provided a security advisory for each vulnerability found:

CVE ID

Cisco Security Advisory

CVSS Base Score

CVE-2020-3110

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability

8.8

CVE-2020-3111

Cisco Voice over Internet Protocol Phone Remote Code Execution and Denial of Service Vulnerability

8.8

CVE-2020-3118

Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability

8.8

CVE-2020-3119

Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability

8.8

CVE-2020-3120

Cisco FXOS, IOS XR and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability

7.4

Mitigation Strategies

While Cisco has released updates for these vulnerabilities, Herjavec Group recommends implementing the specific patches for any vulnerability found immediately. Herjavec Group’s analysts are working to apply detection and mitigation strategies where appropriate.

For Managed Services customers, our Managed Services team will engage with the appropriate technical contacts in your respective organizations directly to provide alerts, escalations, actions and or reports based on our service agreement with you. If you have questions or concerns, please engage your Herjavec Group account representative directly or contact Herjavec Group.

For more information on these custom alerts, our Managed Security Services SOC Support, Security Engineering Ability, or Incident Response Practice, please connect with us.

About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn