Cisco is warning users that a security vulnerability found in a number of its carrier-grade routers is actively being exploited in the wild by cybercriminals.
The vulnerability, tracked as CVE-2020-3118, affects the company’s ASR 9000 series routers, iOS XRv 9000 router and the 540, 560, 1000, 5000, 5500 and 6000 series routers from its Network Convergence System (NCS) line. However, only routers running its Cisco IOS XR Software with the Cisco Discovery Protocol enabled globally and on at least one interface are vulnerable to potential attacks.
To exploit this vulnerability, an attacker could send a malicious Cisco Discovery Protocol packet to devices running a vulnerable version of Cisco’s IOS XR Software to trigger a stack overflow which could lead to arbitrary code execution with administrative privileges.
CVE-2020-3118 is also among the 25 vulnerabilities actively being exploited in the wild by Chinese state-sponsored hackers included in the NSA’s recent cybersecurity advisory. Thankfully though, the vulnerability can only be exploited by an unauthenticated adjacent attacker in the same broadcast domain as a vulnerable device.
CDPwn vulnerabilities
Back in February of this year, the IoT security company Armis discovered five zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol and gave them the name CDPwn. Cisco then released a patch for CVE-2020-3118 and the other vulnerabilities later that month.
However, in its new security advisory, the company warned users that have yet to update their routers that cybercriminals are now actively exploiting CVE-2020-3118 in the wild, saying:
“In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of attempted exploitation of this vulnerability in the wild. Cisco recommends that customers upgrade to a fixed Cisco IOS XR Software release to remediate this vulnerability.”
For users that are currently unable to apply Cisco’s patches, the company recommends that they disable the Cisco Discovery Protocol globally and on an interface as a quick fix until they can update their devices.
- Also check out our complete list of the best routers on the market
Via BleepingComputer