Denial of service in Cisco FXOS, IOS XR and NX-OS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-3120 |
| CWE-ID | CWE-190 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Cisco FXOS Operating systems & Components / Operating system Cisco IOS XR Operating systems & Components / Operating system Cisco NX-OS Operating systems & Components / Operating system Cisco MDS 9000 Series Multilayer Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco IOS XRv 9000 Router Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco ASR 9000 Series Aggregation Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Network Convergence System 6000 Series Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Network Convergence System 5500 Series Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Network Convergence System 5000 Series Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Network Convergence System 560 Series Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Network Convergence System 540 Series Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 9000 Series Switches NX-OS Mode Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 9000 Series Switches in ACI Mode Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 7000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 6000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 5600 Platform Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 5500 Platform Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 3000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 1000V Switch for VMware vSphere Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 1000V Switch for Microsoft Hyper-V Hardware solutions / Routers & switches, VoIP, GSM, etc UCS 6400 Series Fabric Interconnects Hardware solutions / Routers & switches, VoIP, GSM, etc UCS 6300 Series Fabric Interconnects Hardware solutions / Routers & switches, VoIP, GSM, etc UCS 6200 Series Fabric Interconnects Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Firepower 9300 Security Appliance Hardware solutions / Security hardware applicances Cisco Firepower 4100 Series Next-Generation Firewall Hardware solutions / Firmware Cisco Carrier Routing System Hardware solutions / Firmware Cisco Network Convergence System 1000 Series Hardware solutions / Firmware Nexus 1000 Virtual Edge for VMware vSphere Server applications / Other server solutions |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Integer overflow
EUVDB-ID: #VU49026
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-3120
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the Cisco Discovery Protocol implementation. A remote attacker on the local network can send a specially crafted Cisco Discovery Protocol packet, trigger integer overflow and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco FXOS: - - 2.7
Cisco IOS XR: 5.2.5 - 7.0.1
Cisco NX-OS: - - 14.2
Cisco MDS 9000 Series Multilayer Switches: 6.2.1 - 8.4.2.9
Cisco IOS XRv 9000 Router: All versions
Cisco Firepower 9300 Security Appliance: 2.4.200.10
Cisco Firepower 4100 Series Next-Generation Firewall: All versions
Cisco Carrier Routing System: All versions
Cisco ASR 9000 Series Aggregation Services Routers: 6.1.3
Cisco Network Convergence System 6000 Series Routers: All versions
Network Convergence System 5500 Series: All versions
Cisco Network Convergence System 5000 Series: All versions
Cisco Network Convergence System 1000 Series: All versions
Cisco Network Convergence System 560 Series Routers: All versions
Cisco Network Convergence System 540 Series Routers: All versions
Cisco Nexus 9000 Series Switches NX-OS Mode: All versions
Cisco Nexus 9000 Series Switches in ACI Mode: All versions
Cisco Nexus 7000 Series Switches: All versions
Cisco Nexus 6000 Series Switches: All versions
Nexus 5600 Platform Switches: All versions
Nexus 5500 Platform Switches: All versions
Cisco Nexus 3000 Series Switches: All versions
Nexus 1000V Switch for VMware vSphere: 5.2.1 SV5.1.2
Nexus 1000V Switch for Microsoft Hyper-V: All versions
Nexus 1000 Virtual Edge for VMware vSphere: All versions
UCS 6400 Series Fabric Interconnects: - - 4.0
UCS 6300 Series Fabric Interconnects: - - 4.0
UCS 6200 Series Fabric Interconnects: - - 4.0
CPE2.3- cpe:2.3:o:cisco_systems:cisco_fxos:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_fxos:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_fxos:2.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:6.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:6.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:6.6.12:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:6.6.25:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_mds_9000_series_multilayer_switches:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ios_xrv_9000_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_firepower_9300_security_appliance:2.4.200.10:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_firepower_4100_series_next-generation_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_carrier_routing_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_asr_9000_series_aggregation_services_routers:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_network_convergence_system_6000_series_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:network_convergence_system_5500_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_network_convergence_system_5000_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_network_convergence_system_1000_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_network_convergence_system_560_series_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_network_convergence_system_540_series_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches_nx-os_mode:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches_in_aci_mode:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_7000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_6000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5600_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5500_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_3000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_1000v_switch_for_vmware_vsphere:5.2.1 SV5.1.2:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_1000v_switch_for_microsoft_hyper-v:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:nexus_1000_virtual_edge_for_vmware_vsphere:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ucs_6400_series_fabric_interconnects:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ucs_6300_series_fabric_interconnects:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ucs_6200_series_fabric_interconnects:*:*:*:*:*:*:*:*
https://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
