Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110), stack overflow in Cisco VoIP devices (CVE-2020-3111), a format string stack overflow vulnerability (CVE-2020-3118), stack overflow and arbitrary write (CVE-2020-3119), and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR Routers, among others. These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service.
Cisco's Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of DeviceID type-length-value (TLV). The CVSS score reflected below is in regards to this vulnerability.
CVE-2020-3110 and CVE-2020-3111, CVE-2020-3118, CVE-2020-3119
Apply an update
Thanks to Ben Seri of Armis Security for reporting this vulnerability.
This document was written by Madison Oliver.