PT-2020-1610 · Cisco · Cisco IOS XR

Published: 2020-02-05 · Updated: 2022-12-23 · CVE-2020-3118

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)
Description: A vulnerability in the Cisco Discovery Protocol implementation could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The issue is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this by sending a malicious Cisco Discovery Protocol packet to an affected device, potentially causing a stack overflow and allowing the execution of arbitrary code with administrative privileges. This vulnerability can be exploited by an attacker in the same broadcast domain as the affected device, as Cisco Discovery Protocol is a Layer 2 protocol.
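
The weakness class named in this entry (string fields from a Layer 2 neighbor used without validation, tagged as an externally controlled format string) is avoided by bounds-checking each TLV and passing the peer's string only as an argument to a constant format. The C sketch below is an added example, not Cisco's code and not taken from the advisory; the function names, the 64-byte cap and the sample TLVs are assumptions, and the type value 0x0003 is used only for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_STR 64 /* assumed cap for a string field; not from the advisory */
enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_BAD_LENGTH = -2,
       TLV_TOO_LONG = -3, TLV_BAD_CHAR = -4 };

/* Validate one TLV (2-byte type, 2-byte length covering the 4-byte header,
 * both big-endian) and copy its value into out, which holds MAX_STR + 1 bytes. */
int tlv_get_string(const uint8_t *buf, size_t buflen, char *out)
{
    if (buflen < 4) return TLV_TRUNCATED;
    size_t len = ((size_t)buf[2] << 8) | buf[3];
    if (len < 4) return TLV_BAD_LENGTH;      /* length smaller than the header */
    if (len > buflen) return TLV_TRUNCATED;  /* claims more than was received */
    size_t vlen = len - 4;
    if (vlen > MAX_STR) return TLV_TOO_LONG; /* would not fit the fixed buffer */
    for (size_t i = 0; i < vlen; i++)        /* printable ASCII only */
        if (buf[4 + i] < 0x20 || buf[4 + i] > 0x7e) return TLV_BAD_CHAR;
    memcpy(out, buf + 4, vlen);
    out[vlen] = '\0';
    return TLV_OK;
}

/* The peer-supplied string is an argument to a constant format, never the
 * format itself, so any '%' sequences in it are copied as plain data. */
int format_neighbor(char *dst, size_t dstlen, const char *peer)
{
    return snprintf(dst, dstlen, "neighbor id=%s", peer);
}

/* Constructed sample TLVs, not captured traffic. */
static const uint8_t SAMPLE_OK[]   = {0x00, 0x03, 0x00, 0x09, 'G', 'i', '0', '/', '1'};
static const uint8_t SAMPLE_FMT[]  = {0x00, 0x03, 0x00, 0x08, '%', 'x', '%', 'x'};
static const uint8_t SAMPLE_LONG[] = {0x00, 0x03, 0x01, 0x00, 'A'}; /* length lies */

int main(void)
{
    char val[MAX_STR + 1], line[128];
    printf("ok=%d\n", tlv_get_string(SAMPLE_OK, sizeof SAMPLE_OK, val));
    printf("long=%d\n", tlv_get_string(SAMPLE_LONG, sizeof SAMPLE_LONG, val));
    if (tlv_get_string(SAMPLE_FMT, sizeof SAMPLE_FMT, val) == TLV_OK) {
        format_neighbor(line, sizeof line, val);
        puts(line); /* the '%' characters appear literally */
    }
    return 0;
}
```
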
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Use of Externally-Controlled Format String

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2020-00788
CVE-2020-3118

Affected Products

Cisco IOS XR