← Back

CVE-2020-3118

nvd nist
Published: Feb 5, 2020Modified: Oct 28, 2025CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Affected (7)

Products: Cisco: Ios Xr
Cisco
1 product
Ios Xr
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ios Xr
From 6.6.0 to 6.6.12
Ios Xr
From 7.0.0 to 7.0.2
Configuration B
1 vulnerable · 18 platform
Vulnerable SoftwareAffected Versions
Ios Xr
Version 6.5.3
Running on/withPlatform Versions
Cisco
Ncs 540 12z20g Sys A
All versions
Cisco
Ncs 540 12z20g Sys D
All versions
Cisco
Ncs 540 24z8q2c Sys
All versions
Cisco
Ncs 540 28z4c Sys A
All versions
Cisco
Ncs 540 28z4c Sys D
All versions
Cisco
Ncs 540 Acc Sys
All versions
Cisco
Ncs 540x 12z16g Sys A
All versions
Cisco
Ncs 540x 12z16g Sys D
All versions
Cisco
Ncs 540x 16z4g8q2c A
All versions
Cisco
Ncs 540x 16z4g8q2c D
All versions
Cisco
Ncs 540x Acc Sys
All versions
Cisco
Ncs 5501
All versions
Cisco
Ncs 5501 Se
All versions
Cisco
Ncs 5502
All versions
Cisco
Ncs 5502 Se
All versions
Cisco
Ncs 5508
All versions
Cisco
Ncs 5516
All versions
Cisco
Xrv 9000
All versions
Configuration C
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Ios Xr
Version 5.2.5
Running on/withPlatform Versions
Cisco
Ncs 6000
All versions
Cisco
Ncs 6008
All versions
Configuration D
1 vulnerable · 14 platform
Vulnerable SoftwareAffected Versions
Ios Xr
Version 6.4.2
Running on/withPlatform Versions
Cisco
Asr 9000
All versions
Cisco
Asr 9000v
All versions
Cisco
Asr 9001
All versions
Cisco
Asr 9006
All versions
Cisco
Asr 9010
All versions
Cisco
Asr 9901
All versions
Cisco
Asr 9903
All versions
Cisco
Asr 9904
All versions
Cisco
Asr 9906
All versions
Cisco
Asr 9910
All versions
Cisco
Asr 9912
All versions
Cisco
Asr 9920
All versions
Cisco
Asr 9922
All versions
Cisco
Crs X
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ios Xr
Version 6.6.25
Running on/withPlatform Versions
Cisco
Ncs 560
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ios Xr
Version 7.0.1
Running on/withPlatform Versions
Cisco
Ncs 540l
All versions

Related CWEs

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (5)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.