CDPwn is a set of vulnerabilities which we will see today affecting Cisco network infrastructure equipment (switches, routers, IP phones and IP cameras). CDPwn vulnerabilities reside in the processing of Cisco Discovery Protocol (CDP) packets and are an example of the effect that Layer 2 protocols can have on network security but… before this, what is CDP?<\/p>\n\n\n\n
CDP is a protocol that works at layer 2 of the OSI (data link) model, which allows information to be exchanged between devices that are directly connected. The information provided by CDP is as follows:<\/p>\n\n\n\n
\u25b8Device Name<\/em><\/strong><\/p>\n\n\n\n \u25b8Platform<\/em><\/strong><\/p>\n\n\n\n \u25b8Remote computer <\/em><\/strong><\/p>\n\n\n\n \u25b8Software version<\/em><\/strong> <\/p>\n\n\n\n \u25b8Your IP address<\/em><\/strong><\/p>\n\n\n\n \u25b8Remote interface<\/em><\/strong><\/p>\n\n\n\n \u25b8VTP domain name<\/em><\/strong><\/p>\n\n\n\n \u25b8<\/em><\/strong>Native VLAN<\/strong><\/em><\/p>\n\n\n\n \u25b8Duplex Status<\/em><\/strong><\/p>\n\n\n\n Now we will look at the critical zero-day risks or vulnerabilities in Cisco Discovery Protocol that would allow remote code execution without requiring user interaction. Four of the five vulnerabilities are Remote Code Execution Vulnerabilities (RCE), (CVE-2020-3119 , CVE-2020-3111, CVE-2020-3110 and CVE-2020-3118), while one is a denial of service vulnerability -DoS- (CVE-2020-3120). Some of the risks derived from these zero-day vulnerabilities are: Breakdown of network segmentation, exfiltration of data from corporate network traffic, access to additional devices when carrying out attacks, ‘Man in the Middle’ to gain privileges on network devices and last but not least the exfiltration of data from devices such as IP phones and cameras.<\/p>\n\n\n\n We can take security measures such as:<\/em><\/strong> <\/p>\n\n\n\n \u25b8Improve network segmentation to reduce broadcast domains<\/em><\/strong><\/p>\n\n\n\n \u25b8In this network segmentation use additional security measures for example using Cisco ISE using authentication to validate and monitor the network devices that connect to the network and profiling to configure the switch doors.<\/em><\/strong><\/p>\n\n\n\n \u25b8Update the software of the affected computers to the recommended version<\/em><\/strong><\/p>\n\n\n\n Also check: CDPwn is a set of vulnerabilities which we will see today affecting Cisco network infrastructure equipment (switches, routers, IP phones and IP cameras). CDPwn vulnerabilities reside in the processing of Cisco Discovery Protocol (CDP) packets and are an example of the effect that Layer 2 protocols can have on network security but… before this, what […]<\/p>\n","protected":false},"author":1,"featured_media":3116,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[36,197],"class_list":["post-3115","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerabilities"],"yoast_head":"\n
Blockchain and its problems and vulnerabilities<\/a>
CRLF Injection \u2013 A Vulnerability that attacks servers<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"