Cisco has issued patches for five critical vulnerabilities affecting the Cisco Discovery Protocol (CDP). The five vulnerabilities, collectively known as CDPwn, can allow attackers to remotely take over millions of devices using CDP.
What is CDP?
CDP is a proprietary Cisco Layer 2 network protocol used to discover information about directly connected Cisco equipment. It is implemented in virtually all Cisco products, including switches, routers, IP phones, and cameras.
What is CDPwn?
Discovered by researchers from Armis, CDPwn can allow an attacker to fully take over targeted devices. The vulnerabilities were disclosed to Cisco on August 29, 2019.
Four of the five vulnerabilities are remote code execution (RCE) vulnerabilities and the remaining one is a Denial of Service (DoS) vulnerability.
The exploitation of RCE vulnerabilities can lead to:
The five vulnerabilities are tracked as:
Securing against CDPwn
Cisco has released patches for the CDPwn vulnerabilities, but there are situations in which system administrators cannot apply them. For these cases, temporary mitigations also exist.
“Enterprises should consider augmenting network segmentation with other security mechanisms. Since traditional agent-based security can’t be used with most EoT devices, other approaches such as network-based behavioral monitoring should be considered,” explained Armis researchers.
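As an added illustration of the two points above (that CDP is a Layer 2 discovery protocol spoken by nearly every Cisco device, and that network-based monitoring is one way to watch for abuse where agents cannot run), the following Python example inventories which devices on a segment are advertising CDP and flags frames whose TLV lengths do not fit the packet. It is example code written for this page, not code from Cisco, Armis or the article. It relies only on the public CDP encapsulation (the 01:00:0c:cc:cc:cc multicast destination, LLC/SNAP with OUI 00:00:0c and protocol ID 0x2000, and type/length/value fields whose length includes the 4-byte TLV header); the sample frames, MAC addresses and device names are constructed for the example, and the CDP checksum is zeroed rather than computed.

```python
"""Bounds-checked CDP frame parser for inventorying CDP speakers.

Added example, not from the article, Cisco or Armis. Input is raw 802.3
frames as bytes (e.g. from a capture tool); the frames below are constructed.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

CDP_MULTICAST_MAC = bytes.fromhex("01000ccccccc")
# LLC (DSAP aa, SSAP aa, control 03) + SNAP OUI 00:00:0c + protocol ID 0x2000
SNAP_CDP_HEADER = bytes.fromhex("aaaa03") + bytes.fromhex("00000c") + bytes.fromhex("2000")

# A few well-known TLV types; others are skipped but still bounds-checked.
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id",
             0x0005: "software_version", 0x0006: "platform"}


@dataclass
class CdpAdvertisement:
    src_mac: str
    version: int
    ttl: int
    fields: Dict[str, str] = field(default_factory=dict)
    malformed: bool = False   # set when a TLV length does not fit the payload


def is_cdp_frame(frame: bytes) -> bool:
    # dst(6) + src(6) + length(2) + LLC/SNAP(8) = 22 bytes before the CDP body
    if len(frame) < 22:
        return False
    return frame[:6] == CDP_MULTICAST_MAC and frame[14:22] == SNAP_CDP_HEADER


def parse_cdp(frame: bytes) -> Optional[CdpAdvertisement]:
    """Parse one frame; returns None for non-CDP frames."""
    if not is_cdp_frame(frame):
        return None
    src_mac = frame[6:12].hex(":")
    payload = frame[22:]
    if len(payload) < 4:                      # version, ttl, checksum missing
        return CdpAdvertisement(src_mac, 0, 0, malformed=True)
    adv = CdpAdvertisement(src_mac, payload[0], payload[1])
    offset = 4                                # skip version/ttl/checksum
    while offset < len(payload):
        if offset + 4 > len(payload):         # not even a full TLV header left
            adv.malformed = True
            break
        tlv_type, tlv_len = struct.unpack("!HH", payload[offset:offset + 4])
        # The length covers the 4-byte header; a smaller value or one that
        # runs past the payload is invalid, so stop instead of trusting it.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            adv.malformed = True
            break
        value = payload[offset + 4:offset + tlv_len]
        name = TLV_NAMES.get(tlv_type)
        if name is not None:
            adv.fields[name] = value.decode("ascii", errors="replace")
        offset += tlv_len
    return adv


def inventory(frames: List[bytes]) -> Dict[str, CdpAdvertisement]:
    """Map source MAC -> latest advertisement for every CDP speaker seen."""
    seen: Dict[str, CdpAdvertisement] = {}
    for frame in frames:
        adv = parse_cdp(frame)
        if adv is not None:
            seen[adv.src_mac] = adv
    return seen


# --- constructed sample input -------------------------------------------
def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def build_cdp_frame(src_mac: bytes, body: bytes, version: int = 2, ttl: int = 180) -> bytes:
    cdp = bytes([version, ttl]) + b"\x00\x00" + body     # checksum zeroed (example only)
    llc = SNAP_CDP_HEADER + cdp
    return CDP_MULTICAST_MAC + src_mac + struct.pack("!H", len(llc)) + llc


SAMPLE_FRAMES = [
    # well-formed advertisement from a (fictional) access switch
    build_cdp_frame(bytes.fromhex("001122334455"),
                    tlv(0x0001, b"SW-LAB-1") + tlv(0x0003, b"GigabitEthernet0/1")
                    + tlv(0x0006, b"cisco WS-C2960")),
    # advertisement whose second TLV claims 200 bytes but carries one
    build_cdp_frame(bytes.fromhex("deadbeef0001"),
                    tlv(0x0001, b"BAD-TLV") + struct.pack("!HH", 0x0006, 200) + b"x"),
    # ordinary broadcast IPv4 frame: not CDP at all
    b"\xff" * 6 + bytes.fromhex("0a0b0c0d0e0f") + b"\x08\x00" + b"\x45" + b"\x00" * 30,
]

if __name__ == "__main__":
    for mac, adv in inventory(SAMPLE_FRAMES).items():
        flag = " MALFORMED" if adv.malformed else ""
        print(f"{mac} v{adv.version} ttl={adv.ttl} {adv.fields}{flag}")
```

Feeding captured frames to inventory() gives a per-segment list of CDP speakers that can be compared against an asset list, and the malformed flag singles out advertisements that a stricter parser would refuse, which is the kind of network-level signal the Armis researchers suggest using where agents cannot be installed.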