Cisco routers have another high-risk vulnerability

Cisco
(Image credit: Future)
Audio player loading…

Cisco is warning users that a security vulnerability found in a number of its carrier-grade routers is actively being exploited in the wild by cybercriminals.

The vulnerability, tracked as CVE-2020-3118 (opens in new tab), affects the company's ASR 9000 series routers, iOS XRv 9000 router and the 540, 560, 1000, 5000, 5500 and 6000 series routers from its Network Convergence System (NCS) line. However, only routers running its Cisco IOS XR Software with the Cisco Discovery Protocol enabled globally and on at least one interface are vulnerable to potential attacks.

To exploit this vulnerability, an attacker could send a malicious Cisco Discovery Protocol packet to devices running a vulnerable version of Cisco's IOS XR Software to trigger a stack overflow which could lead to arbitrary code execution with administrative privileges.

CVE-2020-3118 is also among the 25 vulnerabilities (opens in new tab) actively being exploited in the wild by Chinese state-sponsored hackers included in the NSA's recent cybersecurity advisory. Thankfully though, the vulnerability can only be exploited by an unauthenticated adjacent attacker in the same broadcast domain as a vulnerable device.

CDPwn vulnerabilities

Back in February of this year, the IoT (opens in new tab) security company Armis discovered five zero-day vulnerabilities (opens in new tab) in various implementations of the Cisco Discovery Protocol and gave them the name CDPwn. Cisco then released a patch for CVE-2020-3118 and the other vulnerabilities later that month.

However, in its new security advisory (opens in new tab), the company warned users that have yet to update their routers that cybercriminals are now actively exploiting CVE-2020-3118 in the wild, saying:

“In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of attempted exploitation of this vulnerability in the wild. Cisco recommends that customers upgrade to a fixed Cisco IOS XR Software release to remediate this vulnerability.”

For users that are currently unable to apply Cisco's patches, the company recommends that they disable the Cisco Discovery Protocol globally and on an interface as a quick fix until they can update their devices.

  • Also check out our complete list of the best routers (opens in new tab) on the market

Via BleepingComputer (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.