Rewterz Threat Alert – Iranian Campaign Tailored to US Companies Introduces TONEDEAF 2.0
February 3, 2020Rewterz Threat Advisory – CVE-2020-3119 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
February 6, 2020Rewterz Threat Alert – Iranian Campaign Tailored to US Companies Introduces TONEDEAF 2.0
February 3, 2020Rewterz Threat Advisory – CVE-2020-3119 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
February 6, 2020Severity
High
Analysis Summary
The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.
Impact
- Denial of service
- Remote code execution
Affected Vendors
Cisco
Remediation
Please refer to vendor’s advisory for the list of affected products and upgraded patches.