DETECTION OVERVIEW
Risk Factors
Cisco products are commonly deployed in enterprise networks worldwide, and CDP is enabled by default on most of them. To exploit the CDPwn vulnerabilities, an attacker must already have a foothold on the same Layer 2 segment as the target (CDP frames are sent to a link-local multicast address and are not forwarded by routers) and must be able to send raw Ethernet frames from that position. A successful exploit gives the attacker code execution on the device, which can be used to move laterally across network segments, intercept or exfiltrate sensitive data, or take parts of the network offline.
Kill Chain
Risk Score
90
Cisco devices discover and track neighboring Cisco devices with CDP, a proprietary data link layer (Layer 2) protocol. On affected products, the code that parses incoming CDP frames contains memory-safety bugs, collectively known as CDPwn. The attack proceeds as follows: an attacker with a foothold on the LAN sends a specially crafted CDP Ethernet frame to a switch, IP camera, or IP phone on the same segment. The frame carries type-length-value (TLV) fields whose lengths or contents cause a buffer overflow or a memory allocation error in the victim's CDP parser. Depending on the bug, the attacker can then execute arbitrary code on the device or crash it, causing a denial of service (DoS).
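The following is an added example, not code from the original page or from any product it describes. It parses a raw CDP frame down to its TLVs and applies the structural checks a detection engine would use to flag the kind of malformed frames described above: a TLV whose declared length runs past the end of the frame, a TLV value far larger than a neighbor advertisement needs, and an Addresses TLV whose entry counter promises more entries than the bytes can hold. The thresholds MAX_TLV_VALUE and MAX_ADDRESS_COUNT are illustrative heuristics chosen for this example, and the sample frames at the bottom are constructed inline rather than captured.

```python
"""Added example: minimal CDP frame parser with structural sanity checks.
Not code from the original page or any product it describes. Thresholds
MAX_TLV_VALUE and MAX_ADDRESS_COUNT are assumptions; sample frames are constructed."""
import struct

CDP_MULTICAST = bytes.fromhex("01000ccccccc")            # CDP link-local destination MAC
LLC_SNAP_CDP = bytes.fromhex("aaaa03" "00000c" "2000")    # LLC SNAP header, Cisco OUI, CDP PID
TLV_NAMES = {0x0001: "Device ID", 0x0002: "Addresses", 0x0003: "Port ID",
             0x0004: "Capabilities", 0x0005: "Software Version",
             0x0006: "Platform", 0x000a: "Native VLAN"}
MAX_TLV_VALUE = 512       # assumption: cap on a single TLV value, in bytes
MAX_ADDRESS_COUNT = 32    # assumption: cap on the Addresses TLV entry counter


def parse_addresses(value):
    """Walk an Addresses TLV body: 4-byte entry count, then per entry
    proto type (1), proto length (1), proto id (n), address length (2), address (m).
    Returns (declared_count, entries_that_fit, findings)."""
    if len(value) < 4:
        return 0, 0, ["Addresses TLV shorter than its 4-byte count field"]
    declared = struct.unpack("!I", value[:4])[0]
    off, parsed = 4, 0
    while parsed < declared:                 # bounded: every pass advances off by >= 4
        if off + 2 > len(value):
            break
        off += 2 + value[off + 1]            # skip proto type, proto length, proto id
        if off + 2 > len(value):
            break
        off += 2 + struct.unpack("!H", value[off:off + 2])[0]   # skip address length, address
        if off > len(value):
            break
        parsed += 1
    findings = []
    if parsed != declared:                   # counter promises more entries than exist
        findings.append(f"Addresses TLV declares {declared} entries but only {parsed} fit")
    if declared > MAX_ADDRESS_COUNT:
        findings.append(f"Addresses TLV count {declared} exceeds cap {MAX_ADDRESS_COUNT}")
    return declared, parsed, findings


def analyze_cdp_frame(frame):
    """Parse one raw Ethernet frame; return parsed TLVs and a list of findings."""
    tlvs, findings = [], []
    if frame[:6] != CDP_MULTICAST or frame[14:22] != LLC_SNAP_CDP:
        return {"tlvs": tlvs, "findings": ["not a CDP frame"]}
    body = frame[22:]                        # version (1), TTL (1), checksum (2), TLVs...
    if len(body) < 4:
        return {"tlvs": tlvs, "findings": ["CDP header truncated"]}
    if body[0] not in (1, 2):
        findings.append(f"unexpected CDP version {body[0]}")
    off = 4                                  # checksum is not verified in this example
    while off < len(body):
        if off + 4 > len(body):
            findings.append("trailing bytes too short for a TLV header")
            break
        ttype, tlen = struct.unpack("!HH", body[off:off + 4])
        name = TLV_NAMES.get(ttype, f"type 0x{ttype:04x}")
        if tlen < 4:                         # length includes the header; naive loops stall here
            findings.append(f"{name}: length {tlen} smaller than the 4-byte TLV header")
            break
        if off + tlen > len(body):           # declared length runs past the end of the frame
            findings.append(f"{name}: length {tlen} overruns frame by {off + tlen - len(body)} bytes")
            break
        value = body[off + 4:off + tlen]
        if len(value) > MAX_TLV_VALUE:
            findings.append(f"{name}: value of {len(value)} bytes exceeds cap {MAX_TLV_VALUE}")
        if ttype == 0x0002:
            findings.extend(parse_addresses(value)[2])
        tlvs.append((name, value))
        off += tlen
    return {"tlvs": tlvs, "findings": findings}


def tlv(ttype, value):
    return struct.pack("!HH", ttype, 4 + len(value)) + value


def build_frame(cdp_payload):
    """Wrap a CDP payload in 802.3 + LLC/SNAP framing (constructed source MAC)."""
    inner = LLC_SNAP_CDP + cdp_payload
    return CDP_MULTICAST + bytes.fromhex("001122334455") + struct.pack("!H", len(inner)) + inner


CDP_HDR = bytes([2, 180, 0, 0])   # version 2, TTL 180 s, checksum zeroed (not verified)
IPV4_ENTRY = bytes([1, 1, 0xCC]) + struct.pack("!H", 4) + bytes([10, 0, 0, 1])  # NLPID 0xCC, 10.0.0.1

# Constructed sample frames: one well-formed neighbor advertisement, three malformed ones.
BENIGN = build_frame(CDP_HDR + tlv(0x0001, b"sw-core-01")
                     + tlv(0x0002, struct.pack("!I", 1) + IPV4_ENTRY)
                     + tlv(0x0003, b"GigabitEthernet1/0/1") + tlv(0x000a, struct.pack("!H", 1)))
OVERRUN = build_frame(CDP_HDR + struct.pack("!HH", 0x0003, 1024) + b"Gi1/0/1")   # length > frame
OVERSIZED = build_frame(CDP_HDR + tlv(0x0001, b"A" * 2000))                      # huge Device ID
BAD_COUNT = build_frame(CDP_HDR + tlv(0x0002, struct.pack("!I", 0xFFFFFFFF)))   # count, no entries

if __name__ == "__main__":
    for label, frame in [("benign", BENIGN), ("overrun", OVERRUN),
                         ("oversized", OVERSIZED), ("bad_count", BAD_COUNT)]:
        print(f"{label}: {analyze_cdp_frame(frame)['findings'] or 'clean'}")
```

The parser stops at the first length inconsistency rather than trying to resynchronize, because anything after a bad length field is untrustworthy; a detection engine would raise on the finding and attribute it to the source MAC of the frame. The checksum is deliberately not validated here so that frames with a corrupted or zeroed checksum are still inspected.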
Install the relevant Cisco patches on all affected products.