Cisco is warning users that a security vulnerability found in a number of its carrier-grade routers is actively being exploited in the wild by cybercriminals.
The vulnerability, tracked as CVE-2020-3118 (opens in new tab), affects the company's ASR 9000 series routers, iOS XRv 9000 router and the 540, 560, 1000, 5000, 5500 and 6000 series routers from its Network Convergence System (NCS) line. However, only routers running its Cisco IOS XR Software with the Cisco Discovery Protocol enabled globally and on at least one interface are vulnerable to potential attacks.
To exploit this vulnerability, an attacker could send a malicious Cisco Discovery Protocol packet to devices running a vulnerable version of Cisco's IOS XR Software to trigger a stack overflow which could lead to arbitrary code execution with administrative privileges.
- We've put together a list of the best small business routers (opens in new tab) around
- Protect your privacy online with one of the best VPN (opens in new tab) services
- We've also highlighted the best endpoint protection (opens in new tab) software
CVE-2020-3118 is also among the 25 vulnerabilities (opens in new tab) actively being exploited in the wild by Chinese state-sponsored hackers included in the NSA's recent cybersecurity advisory. Thankfully though, the vulnerability can only be exploited by an unauthenticated adjacent attacker in the same broadcast domain as a vulnerable device.
Back in February of this year, the IoT (opens in new tab) security company Armis discovered five zero-day vulnerabilities (opens in new tab) in various implementations of the Cisco Discovery Protocol and gave them the name CDPwn. Cisco then released a patch for CVE-2020-3118 and the other vulnerabilities later that month.
However, in its new security advisory (opens in new tab), the company warned users that have yet to update their routers that cybercriminals are now actively exploiting CVE-2020-3118 in the wild, saying:
“In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of attempted exploitation of this vulnerability in the wild. Cisco recommends that customers upgrade to a fixed Cisco IOS XR Software release to remediate this vulnerability.”
For users that are currently unable to apply Cisco's patches, the company recommends that they disable the Cisco Discovery Protocol globally and on an interface as a quick fix until they can update their devices.
- Also check out our complete list of the best routers (opens in new tab) on the market
Via BleepingComputer (opens in new tab)