⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-3118Use of Externally-Controlled Format String in Cisco IOS XR Software

CWE-134Use of Externally-Controlled Format StringCWE-787Out-of-bounds Write6 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 48.23%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedFeb 5
KEV addedNov 3
KEV dueMay 3
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecified6.6.3
NVDcisco/ios_xr6.6.06.6.12+6

🔴Vulnerability Details

3
GHSA
GHSA-f7vj-6cqm-9xgc: A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute2022-05-24
CVEList
Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability2020-02-05
VulnCheck
Cisco IOS XR Software Discovery Protocol Format String Vulnerability2020

📋Vendor Advisories

2
CISA
Cisco IOS XR Software Discovery Protocol Format String Vulnerability2021-11-03
Cisco
Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability2020-02-05
CVE-2020-3118 — Cisco IOS XR Software vulnerability | cvebase