A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce | Vendor Advisory |
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 05:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html - Third Party Advisory, VDB Entry | |
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce - Vendor Advisory |
Information
Published : 2020-02-05 18:15
Updated : 2024-11-21 05:30
NVD link : CVE-2020-3119
Mitre link : CVE-2020-3119
CVE.ORG link : CVE-2020-3119
JSON object : View
Products Affected
cisco
- nexus_9348gc-fxp
- nexus_3064-t
- nexus_9516
- nexus_5596t
- nexus_9332c
- nexus_5548p
- nexus_92160yc-x
- nx-os
- nexus_3172
- nexus_93240yc-fx2
- nexus_3464c
- nexus_9372px-e
- nexus_92300yc
- nexus_3432d-s
- nexus_9372px
- nexus_3548-x
- nexus_34180yc
- ucs_6454
- nexus_36180yc-r
- nexus_9504
- nexus_3264q
- nexus_9372tx-e
- nexus_3524-x
- nexus_3548-xl
- nexus_31128pq
- nexus_93360yc-fx2
- nexus_9396tx
- nexus_3636c-r
- ucs_6300
- nexus_9000v
- nexus_5548up
- nexus_3548
- nexus_9364c
- nexus_9508
- ucs_6296up
- nexus_6004
- ucs_6248up
- nexus_3172tq
- ucs_6324
- nexus_93120tx
- nexus_92348gc-x
- nexus_92304qc
- nexus_5596up
- nexus_3132q-v
- ucs_64108
- nexus_9336c-fx2
- nexus_5672up
- nexus_93216tc-fx2
- nexus_3264c-e
- nexus_93108tc-fx
- nexus_93180lc-ex
- nexus_3408-s
- nexus_31108pc-v
- nexus_93180yc-ex
- nexus_3132q
- nexus_5648q
- nexus_9396px
- nexus_93128tx
- nexus_93108tc-ex
- nexus_3016
- nexus_9236c
- nexus_3524-xl
- nexus_56128p
- nexus_5696q
- nexus_3172pq-xl
- nexus_3048
- nexus_93180yc-fx
- nexus_31108tc-v
- nexus_3164q
- nexus_3524
- nexus_3132q-xl
- nexus_3232c_
- nexus_6001
- nexus_3064
- ucs_manager
- nexus_3132c-z
- nexus_5624q
- nexus_3172tq-32t
- nexus_3172tq-xl
- nexus_9372tx
- nexus_9332pq
- nexus_9336pq_aci_spine
- nexus_9272q
CWE
CWE-787
Out-of-bounds Write