CVE-2020-3118

HIGH KEV

Cisco IOS XR - RCE

Title source: llm

Description

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

References (3)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3118

Scores

CVSS v3 8.8

EPSS 0.0028

EPSS Percentile 51.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-10-20

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2020-24389

CWE

CWE-134 CWE-787

Status published

Products (6)

cisco/ios_xr 6.5.3

cisco/ios_xr 5.2.5

cisco/ios_xr 6.4.2

cisco/ios_xr 6.6.25

cisco/ios_xr 7.0.1

cisco/ios_xr 6.6.0 - 6.6.12

Published Feb 05, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026