Rewterz Threat Advisory – ICS: Siemens SIMATIC CP 1543-1
February 13, 2020Rewterz Threat Alert – Emotet Malware Hacks Nearby Wi-Fi Networks to Infect New Victims
February 14, 2020Rewterz Threat Advisory – ICS: Siemens SIMATIC CP 1543-1
February 13, 2020Rewterz Threat Alert – Emotet Malware Hacks Nearby Wi-Fi Networks to Infect New Victims
February 14, 2020Severity
High
Analysis Summary
The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device.
Impact
Privilege Escalation
Affected Vendors
Cisco
Affected Products
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 5500 Platform Switches
- Cisco Nexus 5600 Platform Switches
- Cisco Nexus 6000 Series Switches
- Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
- Cisco Nexus 9000 Series Switches in standalone NX-OS mode
Remediation
Please refer to vendor’s advisory for the list of upgraded patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce