Hackers are targeting CVE-2020-3118 flaw in Cisco devices

cisco vulnerable cisco vulnerable

Cisco warns of attacks attempting to exploit the CVE-2020-3118 vulnerability that affects multiple carrier-grade routers running Cisco IOS XR Software.

Cisco is warning of attacks targeting the CVE-2020-3118 high severity vulnerability that affects multiple carrier-grade routers running the Cisco IOS XR Software.

The flaw resides in the Cisco Discovery Protocol implementation for Cisco IOS XR Software and could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload an affected device.

“The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device.” reads the advisory. “A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device.”

Cisco experts pointed out that the flaw can be exploited by unauthenticated adjacent attackers (Layer 2 adjacent) in the same broadcast domain as the vulnerable devices.

It is listed in top 25 vulnerabilities, shared by the NSA, exploited by Chinese state-sponsored hacking groups in attacks in the wild.

The IOS XR Network OS runs on several Cisco router families including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

The vulnerability also impacts third-party white box routers and Cisco products that have the Cisco Discovery Protocol enabled both on at least one interface and globally. Below the list of impacted devices:

ASR 9000 Series Aggregation Services RoutersCarrier Routing System (CRS)IOS XRv 9000 RouterNetwork Convergence System (NCS) 540 Series RoutersNetwork Convergence System (NCS) 560 Series RoutersNetwork Convergence System (NCS) 1000 Series RoutersNetwork Convergence System (NCS) 5000 Series RoutersNetwork Convergence System (NCS) 5500 Series RoutersNetwork Convergence System (NCS) 6000 Series RoutersCisco addressed the CVE-2020-3118 flaw in February 2020, along with four other severe issues collectively tracked as CDPwn.

“In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of attempted exploitation of this vulnerability in the wild,” states the updated advisory.

“Cisco recommends that customers upgrade to a fixed Cisco IOS XR Software release to remediate this vulnerability.”

The following table reports the fixed release for this flaw:

Cisco IOS XR Software ReleaseFirst Fixed Release for This VulnerabilityEarlier than 6.6Appropriate SMU6.616.6.3 or appropriate SMU7.07.0.2 (Mar 2020) or appropriate SMU7.1Not vulnerableThe advisory includes mitigation to address the flaw, the company suggests disabling Cisco Discovery Protocol Globally and on an Interface for customers who can immediately apply the security updates.

The post Hackers are targeting CVE-2020-3118 flaw in Cisco devices appeared first on Security Affairs.