Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2020-3118

Cisco | IOS XRAdded 2021-11-03Remediation Deadline 2022-05-03

Cisco IOS XR Software Discovery Protocol Format String Vulnerability

Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-134

References