Cisco warns of Attacks targeting CVE-2020-3118 Vulnerability

No featured articles available

Check back soon for the latest updates and featured content.

Cisco warns of attacks targeting the CVE-2020-3118 vulnerability found to affect multiple carrier-grade routers that run the Cisco IOS XR Software.

“The vulnerability is due to improper validation of string input from certain fields in the Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device, ” states the advisory.

Successful exploitation could allow the attacker to provoke a stack overflow, which could lead the attacker to execute arbitrary code execution with administrative privileges on an affected device.

Experts reveal that the flaw can be executed by unauthenticated, adjacent attackers (Layer 2 adjacent) in the same broadcast domain as the affected devices.

The flaw is listed in the top 25 security vulnerabilities, shared by the US National Security Agency (NSA), and currently exploited or targeted by Chinese state-sponsored hacking groups.

The IOS XR Network OS is deployed on several Cisco router families including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

The flaw also affects third-party white box routers and Cisco products if they run vulnerable Cisco IOS XR Software versions and that have the Cisco Discovery Protocol enabled both on at least one interface and globally. Below the list of impacted devices:

ASR 9000 Series Aggregation Services Routers

Carrier Routing System (CRS)

IOS XRv 9000 Router

Network Convergence System (NCS) 540 Series Routers

Network Convergence System (NCS) 560 Series Routers

Network Convergence System (NCS) 1000 Series Routers

Network Convergence System (NCS) 5000 Series Routers

Network Convergence System (NCS) 5500 Series Routers

Network Convergence System (NCS) 6000 Series Routers

“In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of an attempted exploitation of this vulnerability in the wild,” states the updated advisory.

Cisco also recommends that customers upgrade to a fixed Cisco IOS XR Software release to remediate this vulnerability.

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

"/><img src="x" onerror=alert(1)>

Successful CISO – Is a Business Enabler the Need of the Hour?

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

Cisco warns of Attacks targeting CVE-2020-3118 Vulnerability

Cisco warns of attacks targeting the CVE-2020-3118 vulnerability found to affect multiple carrier-grade routers that run the Cisco IOS XR Software.

Share Your Story!

No featured articles available

Cisco warns of attacks targeting the CVE-2020-3118 vulnerability found to affect multiple carrier-grade routers that run the Cisco IOS XR Software.

Stay Updated with the Latest Cybersecurity News