back to article 'Tens of millions' of Cisco devices vulnerable to CDPwn flaws: Network segmentation blown apart by security bugs

Enterprise networking giant Cisco is expected to release a set of software fixes on Wednesday to address five critical vulnerabilities in devices that rely on the Cisco Discovery Protocol, known to its friends as CDP. CDP is a proprietary Layer 2 data link protocol for gathering information about networked devices. It's …

  1. Wellyboot Silver badge

    No CDP run!

    You do have a fully documented Network don't you?

    I know, a little flippant..

    1. tip pc Bronze badge

      Re: No CDP run!

      It’s all in someone’s head.

      Bob knows how to get from this segment to that via the outside interface of that internal asa done because some idiot promised it could be done despite the environment being engineered for traffic to flow the other way. Not documented because it’s a bodge that shouldn’t be repeated but is currently passing critical production traffic.

      1. Tom Paine Silver badge

        Re: No CDP run!

        Network segmentation? It'll never happen here.

  2. Alister Silver badge

    I'm alright Jack!

    Thankfully all our IP phones are SPA500 Series, which aren't vulnerable to this.

    1. Fabrizio
      Joke

      Re: I'm alright Jack!

      No running Doom in your IP phone for you!

      1. Captain Scarlet Silver badge

        Re: I'm alright Jack!

        hmm wonder if the 79xx series will run Doom.

        1. EnviableOne Silver badge

          Re: I'm alright Jack!

          unfortunatley you need the 89xx series for the color display

          not sure about the control keys though

          1. Captain Scarlet Silver badge

            Re: I'm alright Jack!

            Erm 79xx had both monochrome and colour displays?

  3. Pascal Monett Silver badge

    "Enterprises who are currently using network segmentation as their only mechanism to protect Enterprise of Things (EoT) devices from attack, and to protect enterprise computers from being attacked by compromised EoT devices, should rethink their approach,"

    There, FTFY

    1. mj.jam

      But if your main computer network and phone network are through the same hardware, any user could now do this. The insider threat is probably more of a worry than somebody who has hacked your other devices. To get to those they have already got through your network once.

      1. Tom Paine Silver badge

        ...unless, of course, any of them were exposed on the public net, Shodan, etc. But I'm sure that could never happen... :-|

  4. Anonymous Coward
    Anonymous Coward

    Just goes to show...

    That code from "trusted" suppliers can be as/more dangerous than that from else where that has been subjected to independent scrutiny by the security services.

    Still, they can be trusted in the core network...

    1. Irongut

      Re: Just goes to show...

      It's a good thing they aren't a high risk vendor.

  5. Anonymous Coward
    Anonymous Coward

    Doesn't help...

    If your enterprise doesn't like your department and refuses to support any of said hardware...

    Anon because I'm not giving any pointers.

  6. Version 1.0 Silver badge

    Security

    See, Cure, IT.

    Best done with a taser applied to the RJ45 connection.

  7. southen bastard

    And hewi is bad

    at least our chineese friends hide their servalince, MS and cissy co dont even bother, three letter agencies have knowen for sooooo long

  8. batfastad

    But... Huawei!

    see ^

    1. Anonymous Coward
      Anonymous Coward

      Re: But... Huawei!

      If Huawei copied the Cisco cdp code as well, I'd guess that they're also vulnerable.

      1. EnviableOne Silver badge

        Re: But... Huawei!

        but like dell the commands wont run as the C is trademarked so its called Industry Standard DP

  9. martinusher Silver badge

    Rule #1 -- Beware of home made protocols

    This is really Cisco showing its age. Back in the beforetimes it was easy to craft a DiY protocol for some "it seemed like a good idea at the time" purpose. (Exhibit 'A' for me would be the L2 packets Intel used to power on dormant computers -- its one of those 1990s ideas that seem really useful until it wasn't the 1990s any more.) I think people learned not to do that because it became a bit of maintenance millstone.

    The actual problem sees quite prosaic -- if you can access a device on the physical network that you can control then you can craft arbitrary packets to imitate any protocol. That's hardly earth-shattering news. You'd target smaller embedded devices because they often have well known security SNAFUs you can exploit and once in its easy to program the hardware to do anything you want.

    1. Rockets

      Re: Rule #1 -- Beware of home made protocols

      Interesting that IOS & IOS-XE aren't vulnerable according to the CVE which means it's not the actually the protocol but the software implementation of it on other platforms. NX-OS, IOS XR & FC-OS are all Linux based. Where IOS is BSD based and IOS-XE is Linux based running IOS as a process called "IOSd".

      1. mj.jam

        Re: Rule #1 -- Beware of home made protocols

        If you read the advisories, it turns out it is different TLV fields in different products. So not a protocol issue, just one parsing long messages, and probably missed size checks when copying fields across into structures. Likely to be different code bases for each product which is why these are all different.

        CVE-2020-3110 heap overflow in the parsing of DeviceID type-length-value (TLV)

        CVE-2020-3111 stack overflow in the parsing of PortID type-length-value (TLV)

        CVE-2020-3118 improper validation of string input from certain fields within a CDP message that could lead to a stack overflow

        CVE-2020-3119 stack buffer overflow and arbitrary write in the parsing of Power over Ethernet (PoE) type-length-value

        CVE-2020-3120 resource exhaustion DoS

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020