Five zero-day vulnerabilities in Cisco Discovery Protocol
Last week, Armis released a statement about the discovery of five new zero-day vulnerabilities in the Cisco Discovery Protocol (CDP).
Every network specialist working with Cisco devices is familiar with CDP. It is a Layer 2 protocol in the OSI model, which lets Cisco devices find other Cisco devices connected to the same network. CDP is implemented in every type of Cisco-manufactured devices. Considering Cisco’s market share in local and wide area networks, IP telephony, videoconferencing and network security systems, it’s easy to imagine the scale of the threat.
The vulnerabilities, disclosed under the shared name CDPwn, allow attackers to take control of millions of devices worldwide. Four of the vulnerabilities allow for Remote Code Execution and one allows Denial of Service (DoS) attacks.
Exploiting these Cisco vulnerabilities, the attacker can:
- eavesdrop on telephone calls and videoconferences made using Cisco solutions
- capture data transferred via Cisco network devices
- disrupt the operations of corporate networks
Armis worked with Cisco before announcing these discoveries. Cisco has prepared appropriate patches and recommends that users of their solutions update their software immediately.
The Rapid7 vulnerability detection system offered by Nomios can help identify devices at risk from CDPwn.