Threat Advisory: Vulnerabilities Found in Cisco Discovery Protocol
February 6, 2020
Multiple vulnerabilities in the Cisco Discovery Protocol implementation of Cisco products were recently discovered by the Cisco Product Security Incident Response Team. These vulnerabilities are collectively known as "CDPwn".
According to Cisco, the Cisco Discovery Protocol "facilitates the management of Cisco devices by discovering these devices, determining how they are configured, and allowing systems using different network-layer protocols to learn about each other."
The CDPwn vulnerabilities do not appear to affect Cisco ASA and Firepower devices, but rather devices running IOS or IXOS (i.e. routers and switches).
Currently, there is no known malicious use of these vulnerabilities. In addition, a threat actor must be in the same broadcast domain or subnet as the affected device in order to exploit them, so successful exploitation requires an existing foothold within the organization. Where the protocol is enabled, exploitation could result in remote code execution or denial of service.
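Because exploitation requires an attacker on the same broadcast domain and CDP enabled on the target, the first defensive check is knowing which devices on a segment are still advertising CDP. The Python script below is an added example written for this advisory, not code from Cisco or Herjavec Group: it recognises CDP frames by their multicast destination MAC and LLC/SNAP header, decodes the common TLVs with strict length checks so an advertisement carrying a bad length field is rejected rather than trusted, and groups talkers by source MAC. The sample frames are constructed inline (checksum left zero, MAC addresses and device names made up); in practice the frames would come from a packet capture on the segment being audited.

```python
"""Passive CDP inventory: list the hosts on a segment that still advertise
Cisco Discovery Protocol, and reject advertisements that do not parse safely."""
import struct
from dataclasses import dataclass, field

# Standard CDP link-layer constants: multicast destination, LLC/SNAP header,
# Cisco OUI and the SNAP protocol ID used for CDP.
CDP_MULTICAST_MAC = bytes.fromhex("01000ccccccc")
LLC_SNAP = bytes.fromhex("aaaa03")
CISCO_OUI = bytes.fromhex("00000c")
CDP_PID = 0x2000

# TLV types decoded here; any other type is only counted.
TLV_DEVICE_ID, TLV_PORT_ID, TLV_CAPABILITIES = 0x0001, 0x0003, 0x0004
TLV_SW_VERSION, TLV_PLATFORM = 0x0005, 0x0006
STRING_TLVS = {TLV_DEVICE_ID: "device_id", TLV_PORT_ID: "port_id",
               TLV_SW_VERSION: "software_version", TLV_PLATFORM: "platform"}
CAP_BITS = {0x01: "router", 0x08: "switch", 0x10: "host"}


class MalformedCDP(ValueError):
    """A frame that claims to be CDP but whose length fields cannot be honoured."""


@dataclass
class Advertisement:
    src_mac: str
    version: int
    ttl: int
    fields: dict = field(default_factory=dict)


def parse_cdp_frame(frame: bytes):
    """Return an Advertisement for a CDP frame, None for any non-CDP frame.
    Raises MalformedCDP instead of trusting a length it cannot verify."""
    if len(frame) < 22 or frame[0:6] != CDP_MULTICAST_MAC:
        return None
    length = struct.unpack("!H", frame[12:14])[0]  # 802.3 length: LLC + SNAP + CDP
    if length > 1500 or frame[14:17] != LLC_SNAP or frame[17:20] != CISCO_OUI:
        return None
    if struct.unpack("!H", frame[20:22])[0] != CDP_PID:
        return None
    if length < 12 or 14 + length > len(frame):
        raise MalformedCDP("802.3 length does not match the bytes captured")
    payload = frame[22:14 + length]  # CDP header followed by TLVs
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])  # checksum not verified here
    adv = Advertisement(src_mac=frame[6:12].hex(":"), version=version, ttl=ttl)
    offset = 4
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise MalformedCDP(f"truncated TLV header at offset {offset}")
        tlv_type, tlv_len = struct.unpack("!HH", payload[offset:offset + 4])
        # tlv_len includes its own 4-byte header: smaller values would stall the
        # loop or point before the TLV, larger values would overrun the payload.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise MalformedCDP(f"TLV 0x{tlv_type:04x} length {tlv_len} at offset {offset} is invalid")
        value = payload[offset + 4:offset + tlv_len]
        if tlv_type in STRING_TLVS:
            adv.fields[STRING_TLVS[tlv_type]] = value.decode("ascii", errors="replace")
        elif tlv_type == TLV_CAPABILITIES:
            if len(value) != 4:
                raise MalformedCDP("capabilities TLV must carry a 4-byte bitmask")
            mask = struct.unpack("!I", value)[0]
            adv.fields["capabilities"] = [name for bit, name in CAP_BITS.items() if mask & bit]
        else:
            adv.fields.setdefault("other_tlv_types", []).append(tlv_type)
        offset += tlv_len
    return adv


def build_cdp_frame(src_mac: str, tlvs, version: int = 2, ttl: int = 180) -> bytes:
    """Assemble a CDP frame from (type, value) pairs. Used only to construct the
    sample capture below; the checksum field is left zero."""
    body = b"".join(struct.pack("!HH", t, len(v) + 4) + v for t, v in tlvs)
    cdp = struct.pack("!BBH", version, ttl, 0) + body
    snap = LLC_SNAP + CISCO_OUI + struct.pack("!H", CDP_PID)
    src = bytes.fromhex(src_mac.replace(":", ""))
    return CDP_MULTICAST_MAC + src + struct.pack("!H", len(snap) + len(cdp)) + snap + cdp


def inventory(frames):
    """Group CDP talkers by source MAC; malformed advertisements are counted, not trusted."""
    talkers, malformed = {}, 0
    for frame in frames:
        try:
            adv = parse_cdp_frame(frame)
        except MalformedCDP:
            malformed += 1
            continue
        if adv is not None:
            talkers[adv.src_mac] = adv
    return talkers, malformed


# Constructed sample capture: one valid advertisement, one ARP request skeleton
# (EtherType 0x0806, not CDP), and two CDP frames with corrupted TLV length fields.
_GOOD = build_cdp_frame("00:11:22:33:44:55", [
    (TLV_DEVICE_ID, b"core-sw1"), (TLV_PORT_ID, b"GigabitEthernet1/0/1"),
    (TLV_CAPABILITIES, struct.pack("!I", 0x08)), (TLV_PLATFORM, b"cisco EXAMPLE-SWITCH")])
_ROGUE = build_cdp_frame("00:11:22:33:44:66", [(TLV_DEVICE_ID, b"rogue")])
SAMPLE_FRAMES = [
    _GOOD,
    bytes.fromhex("ffffffffffff") + bytes.fromhex("aabbccddeeff") + b"\x08\x06" + bytes(28),
    _ROGUE[:28] + b"\xff\xff" + _ROGUE[30:],  # first TLV length patched to 65535
    _ROGUE[:28] + b"\x00\x00" + _ROGUE[30:],  # first TLV length patched to 0
]

if __name__ == "__main__":
    talkers, malformed = inventory(SAMPLE_FRAMES)
    for mac, adv in talkers.items():
        print(mac, adv.fields)
    print("malformed CDP frames:", malformed)
```

Any MAC that appears in the inventory after CDP has been disabled on the ports that do not need it is a device the mitigation missed; a non-zero malformed count on a production segment is worth a closer look at the source, since a well-behaved Cisco device does not emit length fields the parser has to reject.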
Cisco has provided a security advisory for each vulnerability found, listed in a table with the columns "Cisco Security Advisory" and "CVSS Base Score".
Cisco has released updates for these vulnerabilities, and Herjavec Group recommends applying the specific patches for each affected product immediately. Herjavec Group's analysts are working to apply detection and mitigation strategies where appropriate.
For Managed Services customers, our Managed Services team will engage directly with the appropriate technical contacts in your organization to provide alerts, escalations, actions and/or reports based on our service agreement with you. If you have questions or concerns, please engage your Herjavec Group account representative directly or contact Herjavec Group.