Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-3120
HistoryFeb 05, 2020 - 6:15 p.m.

CVE-2020-3120

2020-02-0518:15:11
CWE-190
[email protected]
web.nvd.nist.gov
87
cisco
discovery protocol
vulnerability
dos
cve-2020-3120
security

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

6.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

29.1%

JSON

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Affected configurations

NVD
Node
ciscofirepower_extensible_operating_systemRange2.3.1.173
OR
ciscofirepower_extensible_operating_systemRange2.62.6.1.187
OR
ciscofirepower_extensible_operating_systemRange2.72.7.1.106
OR
ciscofxosMatch2.4
AND
ciscofirepower_4110Match-
OR
ciscofirepower_4115Match-
OR
ciscofirepower_4120Match-
OR
ciscofirepower_4125Match-
OR
ciscofirepower_4140Match-
OR
ciscofirepower_4145Match-
OR
ciscofirepower_4150Match-
OR
ciscofirepower_9300Match-
Node
ciscoios_xrMatch5.2.5
AND
cisconcs_6000Match-
Node
ciscoios_xrMatch6.4.2
AND
ciscoasr_9000vMatch-
OR
ciscoasr_9001Match-
OR
ciscoasr_9006Match-
OR
ciscoasr_9010Match-
OR
ciscoasr_9901Match-
OR
ciscoasr_9904Match-
OR
ciscoasr_9906Match-
OR
ciscoasr_9910Match-
OR
ciscoasr_9912Match-
OR
ciscoasr_9922Match-
OR
ciscocrsMatch-
Node
ciscoios_xrMatch6.5.3
AND
ciscoasr_9000vMatch-
OR
ciscoasr_9001Match-
OR
ciscoasr_9006Match-
OR
ciscoasr_9010Match-
OR
ciscoasr_9901Match-
OR
ciscoasr_9904Match-
OR
ciscoasr_9906Match-
OR
ciscoasr_9910Match-
OR
ciscoasr_9912Match-
OR
ciscoasr_9922Match-
OR
cisconcs_5001Match-
OR
cisconcs_5002Match-
OR
cisconcs_5011Match-
OR
cisconcs_540-12z20g-sys-aMatch-
OR
cisconcs_540-12z20g-sys-dMatch-
OR
cisconcs_540-24z8q2c-sysMatch-
OR
cisconcs_540-28z4c-sys-aMatch-
OR
cisconcs_540-28z4c-sys-dMatch-
OR
cisconcs_540-acc-sysMatch-
OR
cisconcs_540x-12z16g-sys-aMatch-
OR
cisconcs_540x-12z16g-sys-dMatch-
OR
cisconcs_540x-16z4g8q2c-aMatch-
OR
cisconcs_540x-16z4g8q2c-dMatch-
OR
cisconcs_540x-acc-sysMatch-
OR
cisconcs_5501Match-
OR
cisconcs_5501-seMatch-
OR
cisconcs_5502Match-
OR
cisconcs_5502-seMatch-
OR
cisconcs_5508Match-
OR
cisconcs_5516Match-
OR
cisconcs_560Match-
OR
ciscoxrv_9000Match-
Node
ciscoios_xrMatch6.6.25
AND
cisconcs_560Match-
Node
ciscoios_xrMatch7.0.1
AND
cisconcs_540lMatch-
Node
cisconx-osRange5.26.2\(29\)
OR
cisconx-osRange7.38.4\(1a\)
AND
ciscomds_9132tMatch-
OR
ciscomds_9148sMatch-
OR
ciscomds_9148tMatch-
OR
ciscomds_9216Match-
OR
ciscomds_9216aMatch-
OR
ciscomds_9216iMatch-
OR
ciscomds_9222iMatch-
OR
ciscomds_9506Match-
OR
ciscomds_9509Match-
OR
ciscomds_9513Match-
OR
ciscomds_9706Match-
OR
ciscomds_9710Match-
OR
ciscomds_9718Match-
Node
cisconx-osRange5.25.2\(1\)sv5\(1.3\)
AND
cisconexus_1000veMatch-vsphere
Node
cisconx-osRange5.2
AND
cisconexus_1000vMatch-hyper-v
Node
cisconx-osRange<5.2\(1\)sv3\(4.1b\)
AND
cisconexus_1000vMatch-vsphere
Node
cisconx-osRange7.0\(3\)f29.3\(2\)
OR
cisconx-osRange7.0\(3\)i7.0\(3\)i7\(8\)
AND
cisconexus_3016Match-
OR
cisconexus_3048Match-
OR
cisconexus_3064Match-
OR
cisconexus_3064-tMatch-
OR
cisconexus_31108pc-vMatch-
OR
cisconexus_31108tc-vMatch-
OR
cisconexus_31128pqMatch-
OR
cisconexus_3132c-zMatch-
OR
cisconexus_3132qMatch-
OR
cisconexus_3132q-vMatch-
OR
cisconexus_3132q-xlMatch-
OR
cisconexus_3164qMatch-
OR
cisconexus_3172Match-
OR
cisconexus_3172pq-xlMatch-
OR
cisconexus_3172tqMatch-
OR
cisconexus_3172tq-32tMatch-
OR
cisconexus_3172tq-xlMatch-
OR
cisconexus_3232c_Match-
OR
cisconexus_3264c-eMatch-
OR
cisconexus_3264qMatch-
OR
cisconexus_3408-sMatch-
OR
cisconexus_34180ycMatch-
OR
cisconexus_3432d-sMatch-
OR
cisconexus_3464cMatch-
OR
cisconexus_3524Match-
OR
cisconexus_3524-xMatch-
OR
cisconexus_3524-xlMatch-
OR
cisconexus_3548Match-
OR
cisconexus_3548-xMatch-
OR
cisconexus_3548-xlMatch-
OR
cisconexus_36180yc-rMatch-
OR
cisconexus_3636c-rMatch-
OR
cisconexus_9000vMatch-
OR
cisconexus_92160yc-xMatch-
OR
cisconexus_92300ycMatch-
OR
cisconexus_92304qcMatch-
OR
cisconexus_92348gc-xMatch-
OR
cisconexus_9236cMatch-
OR
cisconexus_9272qMatch-
OR
cisconexus_93108tc-exMatch-
OR
cisconexus_93108tc-fxMatch-
OR
cisconexus_93120txMatch-
OR
cisconexus_93128txMatch-
OR
cisconexus_93180lc-exMatch-
OR
cisconexus_93180yc-exMatch-
OR
cisconexus_93180yc-fxMatch-
OR
cisconexus_93216tc-fx2Match-
OR
cisconexus_93240yc-fx2Match-
OR
cisconexus_9332cMatch-
OR
cisconexus_9332pqMatch-
OR
cisconexus_93360yc-fx2Match-
OR
cisconexus_9336c-fx2Match-
OR
cisconexus_9336pq_aci_spineMatch-
OR
cisconexus_9348gc-fxpMatch-
OR
cisconexus_9364cMatch-
OR
cisconexus_9372pxMatch-
OR
cisconexus_9372px-eMatch-
OR
cisconexus_9372txMatch-
OR
cisconexus_9372tx-eMatch-
OR
cisconexus_9396pxMatch-
OR
cisconexus_9396txMatch-
OR
cisconexus_9504Match-
OR
cisconexus_9508Match-
OR
cisconexus_9516Match-
Node
cisconx-osRange<7.3\(6\)n1\(1\)
AND
cisconexus_5548pMatch-
OR
cisconexus_5548upMatch-
OR
cisconexus_5596tMatch-
OR
cisconexus_5596upMatch-
OR
cisconexus_56128pMatch-
OR
cisconexus_5624qMatch-
OR
cisconexus_5648qMatch-
OR
cisconexus_5672upMatch-
OR
cisconexus_5696qMatch-
Node
cisconx-osRange<6.2\(24\)
OR
cisconx-osRange7.27.3\(5\)d1\(1\)
OR
cisconx-osRange8.08.2\(5\)
OR
cisconx-osRange8.38.4\(2\)
AND
cisconexus_7000Match-
OR
cisconexus_7700Match-
Node
cisconx-osRange<13.2\(9b\)
OR
cisconx-osRange14.014.2\(1j\)
AND
cisconexus_9000vMatch-
OR
cisconexus_92160yc-xMatch-
OR
cisconexus_92300ycMatch-
OR
cisconexus_92304qcMatch-
OR
cisconexus_92348gc-xMatch-
OR
cisconexus_9236cMatch-
OR
cisconexus_9272qMatch-
OR
cisconexus_93108tc-exMatch-
OR
cisconexus_93108tc-fxMatch-
OR
cisconexus_93120txMatch-
OR
cisconexus_93128txMatch-
OR
cisconexus_93180lc-exMatch-
OR
cisconexus_93180yc-exMatch-
OR
cisconexus_93180yc-fxMatch-
OR
cisconexus_93216tc-fx2Match-
OR
cisconexus_93240yc-fx2Match-
OR
cisconexus_9332cMatch-
OR
cisconexus_9332pqMatch-
OR
cisconexus_93360yc-fx2Match-
OR
cisconexus_9336c-fx2Match-
OR
cisconexus_9336pq_aci_spineMatch-
OR
cisconexus_9348gc-fxpMatch-
OR
cisconexus_9364cMatch-
OR
cisconexus_9372pxMatch-
OR
cisconexus_9372px-eMatch-
OR
cisconexus_9372txMatch-
OR
cisconexus_9372tx-eMatch-
OR
cisconexus_9396pxMatch-
OR
cisconexus_9396txMatch-
OR
cisconexus_9504Match-
OR
cisconexus_9508Match-
OR
cisconexus_9516Match-
Node
ciscoucs_managerRange<3.2\(3m\)
OR
ciscoucs_managerRange4.04.0\(4g\)
AND
ciscoucs_6248upMatch-
OR
ciscoucs_6296upMatch-
OR
ciscoucs_6300Match-
OR
ciscoucs_6324Match-
OR
ciscoucs_64108Match-
OR
ciscoucs_6454Match-

CNA Affected

[
  {
    "product": "Cisco IOS XR Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "2.3.1.173",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
attackerkb 1
cisco 1
cvelist 1
prion 1
nessus 4
checkpoint_advisories 1
cert 1
thn 1
threatpost 1
nvd
nvd
CVE-2020-3120
2020-02-05 18:15:11
attackerkb
attackerkb
CVE-2020-3120 (AKA: CDPwn)
2020-02-05 00:00:00
cisco
cisco
Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability
2020-02-05 16:00:00
cvelist
cvelist
CVE-2020-3120 Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability
2020-02-05 00:00:00
prion
prion
Race condition
2020-02-05 18:15:00
nessus
nessus
Cisco FXOS Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos)
2020-02-14 00:00:00
Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service (CVE-2020-3120)
2023-07-25 00:00:00
Cisco NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos)
2020-02-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Web Servers Buffer Overflow Attempt (CVE-2020-3119; CVE-2020-3120; CVE-2020-3172; CVE-2020-8450)
2020-12-27 00:00:00
cert
cert
Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution
2020-02-05 00:00:00
thn
thn
5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
2020-02-05 20:46:00
threatpost
threatpost
Critical Cisco ‘CDPwn’ Flaws Affect Millions of Devices
2020-02-05 16:00:41

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

6.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

29.1%

JSON
Related for CVE-2020-3120
nvd1attackerkb1cisco1cvelist1prion1nessus4checkpoint_advisories1cert1thn1threatpost1