Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
February 6, 2020- Cisco Systems elevated a security advisory rating regarding a vulnerability in the Cisco Discovery Protocol implementation for Cisco devices which could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device.
The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which would allow the attacker to execute arbitrary code with administrative privileges on an affected device.
- Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
- Cisco Discovery Protocol is enabled on these products by default both globally and on all interfaces.
Cisco has published a security advisory containing additional details which is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos
What Platforms are Affected?
This vulnerability affects the following devices with Cisco Discovery Protocol enabled and running a vulnerable firmware release:
- IP Conference Phone 7832
- IP Conference Phone 7832 with Multiplatform Firmware
- IP Conference Phone 8832
- IP Conference Phone 8832 with Multiplatform Firmware
- IP Phone 6821, 6841, 6851, 6861, 6871 with Multiplatform Firmware
- IP Phone 7811, 7821, 7841, 7861 Desktop Phones
- IP Phone 7811, 7821, 7841, 7861 Desktop Phones with Multiplatform Firmware
- IP Phone 8811, 8841, 8851, 8861, 8845, 8865 Desktop Phones
- IP Phone 8811, 8841, 8851, 8861, 8845, 8865 Desktop Phones with Multiplatform Firmware
- Unified IP Conference Phone 8831
- Unified IP Conference Phone 8831 for Third-Party Call Control
- Wireless IP Phone 8821, 8821-EX
- Nexus 3000 Series Switches
- Nexus 5500 Platform Switches
- Nexus 5600 Platform Switches
- Nexus 6000 Series Switches
- Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
- Nexus 9000 Series Switches in standalone NX-OS mode
- UCS 6200 Series Fabric Interconnects
- UCS 6300 Series Fabric Interconnects
- UCS 6400 Series Fabric Interconnects
Affected version and workaround/permanent solution:
A workaround is to disable the CDP protocol on devices as it is globally turned on.
Cisco also fixed this vulnerability in the following Software releases. Please note devices with firmware before the First fixed release are considered affected:
Next Steps & Recommendations
FMS COLLABORATION SUPPORT CUSTOMERS
- Fidelus will reach out to discuss and coordinate next steps.
- In the interim, please feel free to reach out with any questions.
NON MANAGED SERVICES CUSTOMERS
- Fidelus may be engaged via PSR or service request to assist with your internal efforts to upgrade any susceptible device.
Please reach out with any questions regarding entitlement, or the vulnerability, and we will assist as possible