Cisco routers have another high-risk vulnerability

News
By published

Users with affected devices should apply Cisco's patches now

Cisco
(Image credit: Future)

Cisco is warning users that a security vulnerability found in a number of its carrier-grade routers is actively being exploited in the wild by cybercriminals.

The vulnerability, tracked as CVE-2020-3118, affects the company's ASR 9000 series routers, iOS XRv 9000 router and the 540, 560, 1000, 5000, 5500 and 6000 series routers from its Network Convergence System (NCS) line. However, only routers running its Cisco IOS XR Software with the Cisco Discovery Protocol enabled globally and on at least one interface are vulnerable to potential attacks.

To exploit this vulnerability, an attacker could send a malicious Cisco Discovery Protocol packet to devices running a vulnerable version of Cisco's IOS XR Software to trigger a stack overflow which could lead to arbitrary code execution with administrative privileges.

CVE-2020-3118 is also among the 25 vulnerabilities actively being exploited in the wild by Chinese state-sponsored hackers included in the NSA's recent cybersecurity advisory. Thankfully though, the vulnerability can only be exploited by an unauthenticated adjacent attacker in the same broadcast domain as a vulnerable device.

CDPwn vulnerabilities

Back in February of this year, the IoT security company Armis discovered five zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol and gave them the name CDPwn. Cisco then released a patch for CVE-2020-3118 and the other vulnerabilities later that month.

However, in its new security advisory, the company warned users that have yet to update their routers that cybercriminals are now actively exploiting CVE-2020-3118 in the wild, saying:

“In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of attempted exploitation of this vulnerability in the wild. Cisco recommends that customers upgrade to a fixed Cisco IOS XR Software release to remediate this vulnerability.”

For users that are currently unable to apply Cisco's patches, the company recommends that they disable the Cisco Discovery Protocol globally and on an interface as a quick fix until they can update their devices.

  • Also check out our complete list of the best routers on the market

Via BleepingComputer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Google Gemini AI

Gemini can now see your screen and judge your tabs
See more latest
Most Popular
Google Gemini AI
Gemini can now see your screen and judge your tabs
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets