CDPwn is a set of vulnerabilities affecting Cisco network infrastructure equipment (switches, routers, IP phones and IP cameras). The CDPwn vulnerabilities reside in the processing of Cisco Discovery Protocol (CDP) packets and are an example of the effect that Layer 2 protocols can have on network security. But before going further, what is CDP?

What is the CDP protocol?

CDP is a protocol that works at layer 2 (data link) of the OSI model and allows information to be exchanged between devices that are directly connected. The information provided by CDP is as follows:

▸Device Name

▸Platform

▸Remote computer

▸Software version

▸IP address

▸Remote interface

▸VTP domain name

▸Native VLAN

▸Duplex Status
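To make the list above concrete, here is an added example (not code from the original article or from Cisco) that decodes those fields from a CDP payload while validating every length before it is used, since the CDPwn flaws sit in CDP packet processing. The TLV type numbers follow the publicly documented CDP frame layout; `parse_cdp`, `tlv` and the sample device values are hypothetical names and constructed data.

```python
import struct

# TLV type codes for the fields listed above (documented CDP layout).
TLV_NAMES = {
    0x0001: "Device Name", 0x0003: "Remote interface",
    0x0005: "Software version", 0x0006: "Platform",
    0x0009: "VTP domain name", 0x000A: "Native VLAN",
    0x000B: "Duplex Status",
}

def parse_cdp(payload: bytes) -> dict:
    """Parse the CDP payload (bytes after LLC/SNAP); raise ValueError if malformed."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    version, ttl, _checksum = struct.unpack_from("!BBH", payload, 0)  # checksum not verified here
    fields = {"version": version, "ttl": ttl}
    offset = 4
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        # The length counts its own 4-byte header and must stay inside the packet.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError(f"bad TLV length {tlv_len} at offset {offset}")
        value = payload[offset + 4 : offset + tlv_len]
        name = TLV_NAMES.get(tlv_type)
        if name == "Native VLAN":
            if len(value) != 2:
                raise ValueError("Native VLAN TLV must carry 2 bytes")
            fields[name] = struct.unpack("!H", value)[0]
        elif name == "Duplex Status":
            if len(value) != 1:
                raise ValueError("Duplex TLV must carry 1 byte")
            fields[name] = "full" if value[0] else "half"
        elif name is not None:  # unknown TLV types are skipped, not trusted
            fields[name] = value.decode("ascii", errors="replace")
        offset += tlv_len
    return fields

def tlv(tlv_type: int, value: bytes) -> bytes:
    # Helper used only to build the constructed sample below.
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

# Constructed sample advertisement (version 2, TTL 180, checksum zeroed).
SAMPLE = (
    bytes([2, 180, 0, 0]) + tlv(0x0001, b"sw-lab-01")
    + tlv(0x0006, b"cisco WS-C2960") + tlv(0x0003, b"GigabitEthernet0/1")
    + tlv(0x000A, struct.pack("!H", 10)) + tlv(0x000B, b"\x01")
)
```

Everything `parse_cdp(SAMPLE)` returns is sent in cleartext to any directly connected neighbour, which is why the segmentation and patching measures further down matter.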

Now we will look at the critical zero-day vulnerabilities in Cisco Discovery Protocol that would allow remote code execution without requiring user interaction. Four of the five are remote code execution (RCE) vulnerabilities (CVE-2020-3119, CVE-2020-3111, CVE-2020-3110 and CVE-2020-3118), while one is a denial-of-service (DoS) vulnerability (CVE-2020-3120). Some of the risks derived from these zero-day vulnerabilities are: breakdown of network segmentation; exfiltration of data from corporate network traffic; access to additional devices when carrying out attacks; 'Man in the Middle' attacks to gain privileges on network devices; and, last but not least, exfiltration of data from devices such as IP phones and cameras.

We can take security measures such as:

▸Improve network segmentation to reduce broadcast domains

▸Within this network segmentation, use additional security measures, for example Cisco ISE, using authentication to validate and monitor the network devices that connect to the network and profiling to configure the switch ports.

▸Update the software of the affected devices to the recommended version
