Summary: A Stack overflow Vulnerability that leads to RCE was observed in Cisco NX-OS software and products. The vulnerability exists in the cdpd_poe_handle_pwr_tlvs function. Description: The Power Request TLV – a CDP TLV frame made for negotiation of Power-over-Ethernet parameters. The Power Request TLV contains a list of requested power specifications. The 16-bit list length … Continue reading “Cisco NX-OS CDP Stack Overflow Remote Code Execution Vulnerability(cisco-sa-20200205-nxos-cdp-rce,CVE-2020-3119)”
Tag: NX-OS
Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (CVE-2020-3119)
Summary: Recently, multiple vulnerabilities were observed in Feb,2020 on Cisco’s various devices identified by researcher Barak Hadad of Armis. Out of which few were RCE, among which CVE-2020-3119 is one where an unauthenticated, adjacent attacker can arbitrary code execution. Description: Cisco switches, IP phones, routers and cameras information can be observed using this problematic protocol … Continue reading “Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (CVE-2020-3119)”