Rewterz Threat Advisory – CVE-2020-3119 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
February 6, 2020Rewterz Threat Advisory – CVE-2020-6969 – ICS: AutomationDirect C-More Touch Panels
February 6, 2020Rewterz Threat Advisory – CVE-2020-3119 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
February 6, 2020Rewterz Threat Advisory – CVE-2020-6969 – ICS: AutomationDirect C-More Touch Panels
February 6, 2020Severity
High
Analysis Summary
The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device.
Impact
- Privilege escalation
- Arbitrary code execution
Affected Vendors
Cisco
Remediation
Please refer to vendor’s advisory for the list of affected products and patches.