Cisco and the Kr00k Wi-Fi vulnerability

[German]The CVE-2020-3172 vulnerability in Broadcom Wi-Fi chips also affects several Cisco products (switches, etc.). The company released a security advisory this week, but has not yet released firmware updates to close the vulnerability.


Regarding the vulnerability CVE-2020-3172 in Broadcom Wi-Fi chips, which became public on February 26, 2020, I already had a blog post Kr00k: Wi-Fi vulnerability puts millions of devices at risk, where I've mentioned that Cisco is also working on patches. On Twitter the topic was already pointed out yesterday – the following tweet, for example, deals with the topic.

On CVE-site says for CVE-2020-3172  states that a vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated remote attacker to execute arbitrary code as root or cause a Denial of Service (DoS) state on an affected device.

The vulnerability exists due to insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a prepackaged Cisco Discovery Protocol packet to an affected device adjacent to layer 2. A successful exploit could allow the attacker to cause a buffer overflow that could allow him to execute arbitrary code as root or cause a DoS condition on the affected device.

Notes: The Cisco Discovery Protocol is a layer-2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (layer 2 adjacent).

This vulnerability is different from the following Cisco FXOS and NX-OS software Cisco Discovery Protocol vulnerabilities that were announced by Cisco on February 5, 2020: Cisco FXOS, IOS XR and NX-OS Software Cisco Discovery Protocol Denial of Service vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution vulnerability.

Cisco has issued the previously mentioned security advisory Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability. Several WLAN Cisco products are affected by this vulnerability. A list of the affected Cisco devices can be found in the security advisory. What's silly: There are no firmware updates and no workarounds to fix this vulnerability. Cisco intends to release software updates that address this vulnerability. Bleeping Computer has published also this article with a summery.


Cookies helps to fund this blog: Cookie settings

This entry was posted in devices, Security, Software and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *