Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution
Informations
Name VU#261385 First vendor Publication 2020-02-12
Vendor VU-CERT Last vendor Modification 2020-02-12
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 8.8
Base Score 8.8 Environmental Score 8.8
impact SubScore 5.9 Temporal Score 8.8
Exploitabality Sub Score 2.8
 
Attack Vector Adjacent Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 8.3 Attack Range Adjacent network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 6.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

CVE-2020-3110 Cisco's Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of DeviceID type-length-value(TLV). The CVSS score reflected below is in regards to this vulnerability. CVE-2020-3111 Cisco Voice over Internet Protocol(VoIP)phones with CDP enabled are vulnerable to a stack overflow in the parsing of PortID type-length-value(TLV). CVE-2020-3118 Cisco's CDP subsystem of devices running,or based on,Cisco IOS XR Software are vulnerable to improper validation of string input from certain fields within a CDP message that could lead to a stack overflow. CVE-2020-3119 Cisco's CDP subsystem of devices running,or based on,Cisco NX-OS Software is vulnerable to a stack buffer overflow and arbitrary write in the parsing of Power over Ethernet(PoE)type-length-value(TLV). CVE-2020-3120 Cisco's CDP subsystem of devices running,or based on,Cisco NX-OS,IOS XR,and FXOS Software are vulnerable to a resource exhaustion denial-of-service condition.

Original Source

Url : https://kb.cert.org/vuls/id/261385

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
40 % CWE-20 Improper Input Validation
20 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 737
Application 3
Hardware 1
Os 123
Os 206
Os 9
Os 16
Os 11
Os 16
Os 1
Os 1
Os 1
Os 2
Os 1
Os 49
Os 16
Os 49
Os 16
Os 49
Os 16
Os 49
Os 16
Os 51
Os 16
Os 51
Os 16
Os 51
Os 16
Os 51
Os 16
Os 53
Os 16
Os 52
Os 16
Os 963
Os 3
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 6
Os 6

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2020-05-23 13:15:42
  • First insertion