Cisco Security Advisory – 2020 Oct 21st

In Cyber Security by Matsco Engineering Team

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition and remote code execution on the targeted system.

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IP Phone, Cisco IOS XR Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected device.

The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device.
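To illustrate the class of input validation described above, the following added example (not Cisco's code and not taken from the advisory) shows a Cisco Discovery Protocol TLV walker that checks every length before copying into a fixed-size buffer. The advisory does not name the affected fields; the Device ID TLV, the 64-byte buffer size, the function name and the sample frames are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDP_HDR_LEN   4       /* version(1) + TTL(1) + checksum(2) */
#define TLV_HDR_LEN   4       /* type(2) + length(2), big-endian; length counts this header */
#define TLV_DEVICE_ID 0x0001
#define DEVICE_ID_MAX 64      /* assumed size of the receiver's fixed buffer */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walks the TLVs of one CDP payload and copies the Device ID into out as a
 * NUL-terminated string. Returns 0 on success, -1 if malformed or absent. */
int cdp_get_device_id(const uint8_t *pkt, size_t pkt_len, char out[DEVICE_ID_MAX])
{
    size_t off = CDP_HDR_LEN;
    int found = 0;
    if (pkt == NULL || out == NULL || pkt_len < CDP_HDR_LEN)
        return -1;
    while (off < pkt_len) {
        if (pkt_len - off < TLV_HDR_LEN) return -1;   /* truncated TLV header */
        uint16_t type = be16(pkt + off);
        uint16_t len  = be16(pkt + off + 2);
        if (len < TLV_HDR_LEN || len > pkt_len - off) return -1; /* length exceeds packet */
        if (type == TLV_DEVICE_ID) {
            size_t vlen = (size_t)len - TLV_HDR_LEN;
            if (vlen >= DEVICE_ID_MAX) return -1;     /* would overrun the stack buffer */
            memcpy(out, pkt + off + TLV_HDR_LEN, vlen); /* safe only after the checks above */
            out[vlen] = '\0';
            found = 1;
        }
        off += len;
    }
    return found ? 0 : -1;
}

/* Constructed sample frames (not captured traffic); checksum is not verified here. */
static const uint8_t SAMPLE_OK[]      = {0x02,0xb4,0,0, 0x00,0x01,0x00,0x07, 's','w','1'};
static const uint8_t SAMPLE_BAD_LEN[] = {0x02,0xb4,0,0, 0x00,0x01,0x01,0x00, 's','w','1'};

int main(void)
{
    char id[DEVICE_ID_MAX];
    printf("well-formed: %d\n", cdp_get_device_id(SAMPLE_OK, sizeof SAMPLE_OK, id));
    printf("bad length:  %d\n", cdp_get_device_id(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, id));
    return 0;
}
```
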

Affected Products: 

  • Cisco IP phones with Cisco Discovery Protocol enabled and running a vulnerable firmware release
  • Cisco IOS XR Software (32-bit or 64-bit) with Cisco Discovery Protocol enabled both globally and on at least one interface, when running a vulnerable release
  • Cisco NX-OS Software with Cisco Discovery Protocol enabled both globally and on at least one interface, when running a vulnerable release

For further information please refer to the links below:

IP phones
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos

IOS XR
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce

NX-OS
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos

Matsco recommends any affected systems are updated as soon as convenient.

Please contact the Matsco Solutions team using the details below if you would like any further information or would like to schedule maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090
