VDB

CVE-2020-3118

CVE-2020-3118 PUBLISHED KEV CVSS 8.800000190734863 HIGH

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

EPSS 0.20% · 42.3th percentile

Risk Scores

CVSS 3.0
8.800000190734863
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.20%
42.3th percentile

Affected Products

VendorProductVersions
CiscoCisco IOS XR Softwareunspecified
ciscoios_xr6.5.3, 7.0.1, 5.2.5

Exploit Intelligence

…and 13 more exploits

Timeline

  • Feb 5, 2020 CVE Published
  • Feb 7, 2020 PoC Published
  • Oct 20, 2020 PoC Published
  • Oct 20, 2020 PoC Published
  • Oct 21, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Nov 3, 2021 CISA KEV Added
  • Nov 8, 2021 PoC Published
  • Nov 20, 2021 PoC Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›