CVE-2020-3118

HIGH KEV

Cisco IOS XR >=6.6.0 <6.6.12 - Unauthenticated Remote Code Execution via Cisco Discovery Protocol Format String

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-3118 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.

Description

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0020
EPSS Percentile 42.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2020-10-20
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-24389
CWE
CWE-134 CWE-787
Status published
Products (6)
cisco/ios_xr 6.5.3
cisco/ios_xr 5.2.5
cisco/ios_xr 6.4.2
cisco/ios_xr 6.6.25
cisco/ios_xr 7.0.1
cisco/ios_xr 6.6.0 - 6.6.12
Published Feb 05, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026