Vulnerability Description
A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | >= 7.0\(3\)f2, < 9.3\(2\) |
| Cisco | Nexus 3016 | - |
| Cisco | Nexus 3048 | - |
| Cisco | Nexus 3064 | - |
| Cisco | Nexus 3064-T | - |
| Cisco | Nexus 31108Pc-V | - |
| Cisco | Nexus 31108Tc-V | - |
| Cisco | Nexus 31128Pq | - |
| Cisco | Nexus 3132C-Z | - |
| Cisco | Nexus 3132Q | - |
| Cisco | Nexus 3132Q-V | - |
| Cisco | Nexus 3132Q-Xl | - |
| Cisco | Nexus 3164Q | - |
| Cisco | Nexus 3172 | - |
| Cisco | Nexus 3172Pq-Xl | - |
| Cisco | Nexus 3172Tq | - |
| Cisco | Nexus 3172Tq-32T | - |
| Cisco | Nexus 3172Tq-Xl | - |
| Cisco | Nexus 3232C | - |
| Cisco | Nexus 3264C-E | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2020-3119?
CVE-2020-3119 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected dev...
How severe is CVE-2020-3119?
CVE-2020-3119 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3119?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 3016, Cisco Nexus 3048, Cisco Nexus 3064, Cisco Nexus 3064-T.