CDPwn – Cisco patches 5 critical vulnerabilities that affect millions of devices.

Five critical vulnerabilities found in various implementations of the Cisco Discovery Protocol (CDP) could allow attackers on a local network to take over enterprise devices, as discovered by IoT security company Armis. (It is important to note that attacks can not be performed remotely and requires attackers to have access to internal networks.)

CDP is Cisco’s proprietary Layer 2 (Data Link Layer) network protocol that is included as part of the firmware on devices that is used to share information and communicate and detect the identity of other Cisco devices. This protocol is enabled by default in almost all Cisco products including routers, switches, wireless, voice and video.

The vulnerabilities, identified by IoT cybersecurity firm Armis, have been collectively codenamed CDPwn.

The discovery exposes vulnerabilities which could allow an attacker to fully take over all of these devices.  Four of the five vulnerabilities are remote code execution (RCE) vulnerabilities while one is a Denial of Service (DoS) vulnerability. Exploitation of the RCE vulnerabilities can lead to:

• Reconfiguration of network segmentation to make the network more vulnerable
• Data exfiltration of corporate network traffic traversing through an organization’s switches and routers
• Gaining access to additional devices by leveraging man-in-the-middle attacks by intercepting and altering traffic on the corporate switch
• Data exfiltration of sensitive information such as phone calls from devices like IP phones and video feeds from IP cameras

Cisco has provided updates, and these are available on their Security Advisory page.

The individual updates can be found here:

• CVE-2020-3120
• CVE-2020-3119
• CVE-2020-3118
• CVE-2020-3111
• CVE-2020-3110

Affected Devices

1. Routers:

   • ASR 9000 Series Aggregation Services Routers
   • Carrier Routing System (CRS)
   • Firepower 1000 Series
   • Firepower 2100 Series
   • Firepower 4100 Series
   • Firepower 9300 Security Appliances
   • IOS XRv 9000 Router
   • White box routers running Cisco IOS XR

   Switches:

   • Nexus 1000 Virtual Edge
   • Nexus 1000V Switch
   • Nexus 3000 Series Switches
   • Nexus 5500 Series Switches
   • Nexus 5600 Series Switches
   • Nexus 6000 Series Switches
   • Nexus 7000 Series Switches
   • Nexus 9000 Series Fabric Switches
   • MDS 9000 Series Multilayer Switches
   • Network Convergence System (NCS) 1000 Series
   • Network Convergence System (NCS) 5000 Series
   • Network Convergence System (NCS) 540 Routers
   • Network Convergence System (NCS) 5500 Series
   • Network Convergence System (NCS) 560 Routers
   • Network Convergence System (NCS) 6000 Series
   • UCS 6200 Series Fabric Interconnects
   • UCS 6300 Series Fabric Interconnects
   • UCS 6400 Series Fabric Interconnects

   IP Phones:

   • IP Conference Phone 7832
   • IP Conference Phone 8832
   • IP Phone 6800 Series
   • IP Phone 7800 Series
   • IP Phone 8800 Series
   • IP Phone 8851 Series
   • Unified IP Conference Phone 8831
   • Wireless IP Phone 8821
   • Wireless IP Phone 8821-EX

   IP Cameras:

   • Video Surveillance 8000 Series IP Cameras