We would like to inform our customers about several critical vulnerabilities in the Cisco Discovery Protocol (CDP), which an unauthenticated attacker can misuse to perform either a remote code execution or a denial of service attack. There are five of these vulnerabilities, rated from CVSSv3 7.4 to 8.8. You can see an identifier for each of the vulnerabilities, including its CVSSv3 rating, below.
Using specially crafted packets sent to a vulnerable device, an unauthenticated attacker can exploit the vulnerability and thereby achieve remote code execution or a denial of service. Since CDP is a Layer 2 protocol, the attacker must be in the same broadcast domain as the vulnerable device (typically a guest Wi-Fi network). Examples of vulnerable devices are some routers, switches, IP phones, and IP cameras that use CDP. A complete list of affected devices for each individual vulnerability can be found on the Cisco website in the Security Advisory section or by following the link listed at
Cisco Discovery Protocol is enabled by default on some Cisco devices, for example routers running Cisco IOS XR.
Cisco has issued a security patch for the majority of vulnerable devices; alternatively, a workaround can be used, as described in the corresponding Security Advisory.
To find out which systems in your network are vulnerable, we recommend running a verification scan for these vulnerabilities using the Tenable tools: the Advanced Scan policy can be used, and the systems can be scanned for these specific vulnerabilities only. You can find the plug-ins that detect these vulnerabilities here. We further recommend disabling CDP on all your devices and performing a configuration audit and hardening of network components.
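The following is an added example of the recommended mitigation (disabling CDP), not text from the advisory or from Cisco. It shows the default state of a Cisco IOS device beside the hardened configuration, with the commands used to verify the result; the hostname "Router" and the interface name "GigabitEthernet0/1" are placeholders, and the quoted command output is illustrative.

```cisco
! Added example: checking for and disabling CDP on a Cisco IOS device.
! Hostname and interface names below are placeholders.

! --- Weak state: CDP is enabled (the IOS default), so the device
! --- processes CDP frames from any neighbour on the same L2 segment.
Router# show cdp
Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        Sending CDPv2 advertisements is  enabled

! --- Hardened state: disable CDP globally (all interfaces).
Router# configure terminal
Router(config)# no cdp run
Router(config)# end
Router# write memory

! Verify: with CDP disabled globally, "show cdp" reports it is not enabled
! and "show cdp neighbors" lists nothing.
Router# show cdp
% CDP is not enabled
Router# show cdp neighbors

! --- If CDP must stay on for trusted uplinks (e.g. IP phone discovery),
! --- leave it running globally and disable it only on interfaces that face
! --- untrusted segments such as a guest Wi-Fi network.
Router# configure terminal
Router(config)# interface GigabitEthernet0/1
Router(config-if)# no cdp enable
Router(config-if)# end
Router# show cdp interface GigabitEthernet0/1

! On Cisco IOS XR the global command is "no cdp" in configuration mode
! (and "commit" to apply); the verification commands are the same.
```

When auditing configurations, treating any device where `show cdp` returns global CDP information as a finding makes the Tenable scan results easier to reconcile with the configuration state of each device.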
Senior Security Specialist