External risk intelligence

Cisco IOS XR Discovery Protocol Code Execution Advisory

CVE advisory | Known Exploit

CVE-2020-3118

An adjacent attacker may exploit a flaw in Cisco IOS XR Software's Discovery Protocol to execute arbitrary code or cause a device reload. This impacts operational stability and could lead to unauthorized administrative access.

1 Halo Surface Signal

Out-of-bounds Write

Cisco IOS XR

6.6.0 to before 6.6.12, 7.0.0 to before 7.0.2, 6.5.3, 5.2.5, 6.4.2, 6.6.25, 7.0.1

External exposure likelihood

Halo Surface Signal score for CVE-2020-3118

The vulnerability relies on the Cisco Discovery Protocol (CDP), which is a Layer 2 protocol. Exploitation requires the attacker to be on the same local broadcast domain as the affected device, so the flaw is not reachable via the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

Cisco IOS XR Software contains a vulnerability in its Cisco Discovery Protocol implementation. This flaw stems from improper validation of string input within specific fields of Cisco Discovery Protocol messages. An attacker in the same network segment as an affected device could potentially exploit this to execute arbitrary code or force a system reload. The primary business impact involves unauthorized code execution with administrative privileges and potential disruption of network services.

  • Vulnerable Cisco Discovery Protocol.
  • Improper string input validation.
  • Arbitrary code execution risk.
  • Potential service disruption.

Attack Path

How an attacker could exploit the issue

This vulnerability impacts network devices running Cisco IOS XR Software. An attacker can exploit this by sending a specially crafted Cisco Discovery Protocol message. Successful exploitation may lead to the execution of arbitrary code with administrative privileges or a device reload, affecting operational stability and data integrity.

  • Exposure: Devices must be accessible within the same network segment.
  • Attacker: An unauthenticated, adjacent network user.
  • Trigger: Malicious Cisco Discovery Protocol message.
  • Impact: Arbitrary code execution or device reload.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to execute arbitrary code with administrative privileges or cause a device reload. The exploit requires the attacker to be on the same network segment as the affected device. The Cisco Discovery Protocol is used for network device discovery.

  • Attackers need adjacent network access.
  • Exploitation could lead to code execution.
  • Business risk and urgency are HIGH.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability impacts Cisco IOS XR Software, potentially allowing an adjacent attacker to execute arbitrary code or reload an affected device. The issue stems from improper validation of Cisco Discovery Protocol messages. Successful exploitation could lead to the execution of code with administrative privileges on the device.

  • Identify exposed network assets.
  • Reduce network exposure.
  • Apply vendor fixes and verify.
  • Monitor for related issues.
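For the monitoring step, the following added example (not code from this advisory or from Cisco) parses the TLVs of a CDP payload and flags printf-style format specifiers in text fields, plus TLVs whose length field is inconsistent. The advisory does not name the affected fields, so inspecting the four standard text TLVs is an assumption, and the sample payloads are constructed.

```python
import re
import struct

# Standard CDP TLV types that carry free text. The advisory does not name the
# affected fields, so inspecting these four is an assumption of this example.
TEXT_TLVS = {0x0001: "Device ID", 0x0003: "Port ID",
             0x0005: "Software Version", 0x0006: "Platform"}

# Heuristic for a printf-style conversion specifier such as %s or %08x.
FORMAT_SPEC = re.compile(rb"%(?:\d+\$)?[-+#0]*\d*(?:\.\d+)?(?:hh|h|ll|l|z|j|t|L)?[diouxXeEfgGcspn]")


def inspect_cdp(payload: bytes) -> list[str]:
    """Return findings for one CDP payload (the bytes after the SNAP header)."""
    findings = []
    if len(payload) < 4:
        return ["truncated CDP header"]
    offset = 4  # skip version (1), TTL (1), checksum (2)
    while offset < len(payload):
        if offset + 4 > len(payload):
            findings.append(f"truncated TLV header at offset {offset}")
            break
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        # The length field counts the 4-byte TLV header as well as the value.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            findings.append(f"TLV 0x{tlv_type:04x} has invalid length {tlv_len}")
            break
        value = payload[offset + 4: offset + tlv_len]
        name = TEXT_TLVS.get(tlv_type)
        if name and FORMAT_SPEC.search(value):
            findings.append(f"{name} TLV contains a format specifier: {value!r}")
        offset += tlv_len
    return findings


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Build one TLV for the constructed samples below."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


# Constructed sample payloads (not captured traffic); checksum left as zero.
HEADER = bytes([2, 180, 0, 0])
BENIGN = HEADER + tlv(0x0001, b"edge-rtr-01") + tlv(0x0003, b"GigabitEthernet0/0/0/1")
SUSPECT = HEADER + tlv(0x0001, b"lab%dswitch") + tlv(0x0003, b"Gi0/1")
BROKEN = HEADER + struct.pack("!HH", 0x0001, 400) + b"short"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT), ("broken", BROKEN)):
        print(label, inspect_cdp(sample))
```

A percent sign can appear in a legitimate description string, so treat a finding as a prompt to review the sending port rather than as proof of an attack.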

Frequently asked questions

What is the Cisco IOS XR Software and its purpose?

Cisco IOS XR Software is an advanced network operating system designed for high-end Cisco routing and switching devices, serving large-scale networks for service providers and enterprises.

What is the weakness class of CVE-2020-3118?

CVE-2020-3118 is a format string vulnerability (CWE-134) and a buffer overflow vulnerability (CWE-787).

How can CVE-2020-3118 be exploited?

An unauthenticated attacker on the same local network segment can exploit this by sending a malicious Cisco Discovery Protocol message to an affected device, potentially causing a stack overflow that allows arbitrary code execution or reloads the device.

What is the relevance of CVE-2020-3118 for network operations?

This vulnerability poses a HIGH risk, allowing for arbitrary code execution with administrative privileges or a device reload, impacting network stability and data integrity. The attack vector is adjacent, requiring the attacker to be in the same broadcast domain.

What steps should be taken to address CVE-2020-3118?

Organizations should identify network assets running Cisco IOS XR Software, reduce network exposure, apply vendor-provided fixes, and monitor for any related security events. Applying vendor updates is crucial to mitigate the risk of arbitrary code execution or device reloads.
