About Bechtle
Newsroom
IT Solutions
2020
CDPwn - Get help now
IT Solutions - Feb 14, 2020

CDPwn - Get help now.

by Timo Seiler

In early February Armis discovered a weak spot known as "CDPwn" in the Cisco Discovery Protocol (CDP). Cisco released a series of updates shortly thereafter to close the discovered leak on several devices.

Written by

Timo Seiler
Account Manager

E-Mail: Timo.Seiler@stemmer.de

CDP is a protocol (Layer 2) developed by Cisco which allows the discovery and direct communication of different devices of the manufacturer in the network.

 

The following device groups are affected:

Heap Overflow in Cisco IP Cameras (CVE-2020-3110)
Stack Overflow in Cisco VoIP Devices (CVE-2020-3111)

 

Format String Stack Overflow (CVE-2020-3118)
Stack overflow and arbitrary write access (CVE-2020-3119)
Denial of Service (CVE-2020-3120) in NX-OS switches and IOS XR routers

 

The security gap could be used to bypass network quarantines and run malicious software. To do this, however, the attacker must already be present in the network.

 

If you have questions or need support, please get in touch with your contact person.

 IT-Security @Bechtle       Holistic security strategies

Share this page

Facebook Bechtle LinkedIn Bechtle Mail Bechtle WhatsApp Bechtle XING Bechtle
This post was published on Feb 14, 2020.

 

Workplace Security ▷ Security solutions from Bechtle

Companies are working more and more mobile, with employee smartphones and laptops. ➥ We show you how to master the Workplace Security challenge.

Customer story

Kracht – Bechtle forensics restores the IT

In February 2022, the company was attacked by unknown perpetrators, and important systems were brought to a halt. With the help of Bechtle’s forensic team that specialises in cyberattacks and the recovery process, Kracht was up and running again in only seven days.

 

Holistic, modern, secure: VMware Carbon Black

VMware Carbon Black consolidates and modernises your corporate IT security. ➤ Take your security approach to the next level! ➤

 

Security Escape-Room

Security Escape-Room for users

Customer story

HDG Bavaria – Work securely in the cloud

When the work of the 200 employees was to be moved more to the cloud, Bechtle secured the endpoints and mail traffic with a security solution from Trend Micro, enabling them to work remotely without any inconveniences.

Customer story

Digital flight attendant: TUI fly relies on apps with HanseVision.

Promotion

Zero Day Protection

Hacker nutzen zunehmend raffinierte Methoden, um in Unternehmensnetzwerke einzudringen. In jüngster Vergangenheit wurden Malware eingeschleust, Systeme verschlüsselt und anschließend Lösegeld gefordert. Lösegelderpressung ist das neue lukrative Geschäftsmodell der Entwickler von „Ransomware“.

Blog

PAM for endpoints.

PAM is a secure and very flexible way to manage highly granular access rights.

Promotion

Zero Day Protection

Endpoint Security bedeutet den Schutz aller Geräte, die in der Hand der Endanwender liegen. Das sind PCs, Macs, Linux-Rechner oder die verschiedensten Mobilgeräte.

Promotion

Perimeter Security – Cisco

Hacker nutzen zunehmend raffinierte Methoden, um in Unternehmensnetzwerke einzudringen. In jüngster Vergangenheit wurden Malware eingeschleust, Systeme verschlüsselt und anschließend Lösegeld gefordert. Lösegelderpressung ist das neue lukrative Geschäftsmodell der Entwickler von „Ransomware“.

 

IT security ▷ Protect your business against threats

IT security – Equip yourself with Bechtle’s holistic security offering to protect against threats ➥ Secure your business ✓ Protect yourself today.

Promotion

Zero Day Protection

Hacker nutzen zunehmend raffinierte Methoden, um in Unternehmensnetzwerke einzudringen. In jüngster Vergangenheit wurden Malware eingeschleust, Systeme verschlüsselt und anschließend Lösegeld gefordert. Lösegelderpressung ist das neue lukrative Geschäftsmodell der Entwickler von „Ransomware“.

Promotion

Endpoint Security – Cisco

Endpoint Security bedeutet den Schutz aller Geräte, die in der Hand der Endanwender liegen. Das sind PCs, Macs, Linux-Rechner oder die verschiedensten Mobilgeräte.

Promotion

Zero Day Protection

Hacker nutzen zunehmend raffinierte Methoden, um in Unternehmensnetzwerke einzudringen. In jüngster Vergangenheit wurden Malware eingeschleust, Systeme verschlüsselt und anschließend Lösegeld gefordert. Lösegelderpressung ist das neue lukrative Geschäftsmodell der Entwickler von „Ransomware“.

 

IT & Cyber Security ▷ Bechtle protects your company

IT & Cyber Security: For an all-round protection package for every entrepreneur ➥ SIEM ✓ Machine Learning ✓ Forensic Tools ✓ Find out more now at Bechtle.

Promotion

WithSecure Elements | The platform for all your security needs

Want to manage all your security needs from a single console? WithSecure Elements gives you the simple, flexible and clear solutions. Find out more at Bechtle now!

Promotion

Zero Day Protection

Endpoint Security bedeutet den Schutz aller Geräte, die in der Hand der Endanwender liegen. Das sind PCs, Macs, Linux-Rechner oder die verschiedensten Mobilgeräte.

Promotion

Proofpoint cybersecurity solutions | Cybersecurity

Proofpoint cybersecurity solutions Protect your employees and enterprise against targeted threats and compliance risks.

Promotion

Barracuda –The world’s most comprehensive and simple e-mail protection

Barracuda E-mail Protection offers end-to-end defence against all types of e-mail borne threats—from spam and ransomware to social engineering.

 

Infrastructure & Perimeter Security ▷ Securing corporate infrastructure

Infrastructure Security ➥ For network security and corporate infrastructure security ✓ IT Perimeter Security ✓ View Bechtle's services now

 

Bitdefender | Multi-layer endpoint security

A user-friendly and highly-precise EDR is part of Bitdefender’s comprehensive and integrated platform for endpoint protection.

Blog

Critical infrastructures – A focus on IT security

Cybersecurity is a defining topic for politics, society, administration and companies. This is also because cyber criminals often target critical infrastructures (KRITIS). Find out what these are, what is about to change and how Bechtle can support critical organisations here.

Promotion

Mimecast e-mail security | Software solutions

Mimecast software solutions ✔ E-mail security with cloud suite ✔ Become an expert with Bechtle ✔ Find out more with Bechtle.

Promotion

Rubrik – The next frontier in cybersecurity is data security

Keep your data secure, monitor data risk, and quickly recover your data, wherever it lives with Rubrik Security Cloud. LEARN MORE >

Promotion

CyberArk security solutions | Reliable protection

Protect sensitive business data with CyberArk security solutions ➥ A reliable expert in the protection of user accounts.

O