Armis specialists immediately discovered five serious vulnerabilities in the proprietary Cisco Discovery Protocol (CDP). The bugs are collectively called CDPwn .

CDP has been in use since the 1990s and allows Cisco devices to exchange information with each other (via multicast messages distributed within the local network). CDP is not very famous, and you can rarely hear about it, since it works inside local networks and is almost not supported by third-party manufacturers.

Four out of five vulnerabilities discovered by researchers allow arbitrary code execution, which allows a theoretical attacker to completely take control of Cisco devices that work with vulnerable CDP implementations. Another vulnerability can trigger denial of service (DoS) and can be used to interrupt the normal operation of devices.

Researchers write that all these vulnerabilities, in fact, are associated with heap or stack overflows, and, unfortunately, it is possible and completely easy to exploit them, which was demonstrated by experts using PoC exploits.

Perhaps the only good news is that attacks cannot be carried out via the Internet, because, as mentioned above, CDP works inside local networks, at the data link layer (Data Link layer). That is, to exploit the listed problems, an attacker will first need to penetrate the company’s network.

However, if hackers have already infiltrated the company or organization’s network, they can now use CDP to broadcast specially created packets within the local network and take control of vulnerable Cisco equipment. In such a situation, the main targets of the attackers will definitely be routers, switches, and firewalls, the compromise of which will disastrously affect the entire infrastructure of the company. Even worse, these devices come with CDP enabled by default.

CDP is also supported and enabled by default in other Cisco products, such as VoIP phones and IP cameras. Attacks on CDPwn can be effective against them. Through CDP, attackers will be able to infect phones and CCTV cameras with malware, steal data and even eavesdrop on voice and video calls.

According to Armis experts, the CDPwn problem affects all Cisco routers running IOS XR, all Nexus switches, Cisco Firepower firewalls, Cisco NCS systems, as well as all Cisco 8000 IP cameras and Cisco 7800 and 8800 VOIP phones (full list) vulnerable devices is available in the Armis report ).

Cisco engineers have already developed patches for all identified issues. A complete list of CDPwn vulnerabilities is as follows:

If for some reason the administrator cannot yet install the latest patches, experts strongly recommend disabling CDP at all, which will prevent exploitation of the CDPwn series vulnerabilities.

Join our WhatsApp group

Twitter:  Rapidsafeguard
Instagram: Rapidsafeguard
Facebook: Theeasyhack
YouTube: Rapidsafeguard
LinkedIn: Rapidsafeguard


Please enter your comment!
Please enter your name here