Rewterz Threat Advisory – CVE-2020-3111 – Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability
February 6, 2020
Rewterz Threat Advisory – CVE-2020-3118 – Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability
February 6, 2020
Severity
High
Analysis Summary
The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow and, as a result, execute arbitrary code with administrative privileges on the affected device.
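The kind of input validation the summary says is missing, as an added example (not Cisco's code and not part of the original advisory): a Cisco Discovery Protocol TLV walker that checks every length field before copying a value into a fixed-size buffer. The advisory does not name the affected field; the choice of the Device ID TLV, the 16-byte buffer and the sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CDP_HDR_LEN 4        /* version(1) ttl(1) checksum(2) */
#define TLV_HDR_LEN 4        /* type(2) length(2); length includes this header */
#define CDP_TLV_DEVICE_ID 0x0001

/* Constructed sample frames (checksum left as zero, not verified here). */
static const uint8_t ok_frame[] = { 0x02, 0xb4, 0, 0,
    0x00, 0x01, 0x00, 0x08, 's', 'w', '-', '1',     /* Device ID "sw-1" */
    0x00, 0x05, 0x00, 0x06, 'v', '1' };             /* Software Version */
static const uint8_t long_frame[] = { 0x02, 0xb4, 0, 0,
    0x00, 0x01, 0x01, 0x00, 'A', 'A' };             /* claims 256 bytes */
static const uint8_t short_frame[] = { 0x02, 0xb4, 0, 0,
    0x00, 0x01, 0x00, 0x02 };                       /* length below header size */
static char dev[16];                                /* hypothetical fixed buffer */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the Device ID length, 0 if absent, -1 if the frame is malformed
 * or the value does not fit in out. Every TLV is checked, not only ours. */
int cdp_device_id(const uint8_t *pkt, size_t len, char *out, size_t outsz)
{
    int result = 0;
    if (!pkt || !out || outsz == 0 || len < CDP_HDR_LEN)
        return -1;
    out[0] = '\0';
    for (size_t off = CDP_HDR_LEN; off < len; ) {
        if (len - off < TLV_HDR_LEN)        /* truncated TLV header */
            return -1;
        uint16_t type = be16(pkt + off);
        size_t tlv_len = be16(pkt + off + 2);
        if (tlv_len < TLV_HDR_LEN || tlv_len > len - off)
            return -1;                      /* underflow, or more than was received */
        size_t vlen = tlv_len - TLV_HDR_LEN;
        if (type == CDP_TLV_DEVICE_ID) {
            if (vlen >= outsz)              /* would overrun the destination */
                return -1;
            memcpy(out, pkt + off + TLV_HDR_LEN, vlen);
            out[vlen] = '\0';
            result = (int)vlen;
        }
        off += tlv_len;
    }
    return result;
}

int main(void) { return cdp_device_id(ok_frame, sizeof ok_frame, dev, sizeof dev) == 4 ? 0 : 1; }
```

The frame is rejected as a whole on the first inconsistent length, so a later TLV is never interpreted relative to a bogus offset.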
Impact
- Privilege escalation
- Arbitrary code execution
Affected Vendors
Cisco
Remediation
Please refer to the vendor’s advisory for the list of affected products and patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce