CVE-2020-3120

Name: CVE-2020-3120
Creator: NVD / NIST
Published: 2020-02-05T18:15:11.063+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 2.03%

Last modified Jun 17, 2026

CVE-2020-3120 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. EPSS estimates a 2.03% chance of exploitation in the next 30 days.

Description

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.03%

78.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Firepower Extensible Operating System	<= 2.3.1.173
Cisco	Firepower Extensible Operating System	>= 2.6, < 2.6.1.187
Cisco	Firepower Extensible Operating System	>= 2.7, < 2.7.1.106
Cisco	Fxos	2.4
Cisco	Ios Xr	5.2.5
Cisco	Ios Xr	6.4.2
Cisco	Ios Xr	6.5.3
Cisco	Ios Xr	6.6.25
Cisco	Ios Xr	7.0.1
Cisco	Nx-Os	>= 5.2, < 6.2\(29\)
Cisco	Nx-Os	>= 7.3, < 8.4\(1a\)
Cisco	Nx-Os	>= 5.2, < 5.2\(1\)sv5\(1.3\)
Cisco	Nx-Os	<= 5.2
Cisco	Nx-Os	< 5.2\(1\)sv3\(4.1b\)
Cisco	Nx-Os	>= 7.0\(3\)f2, < 9.3\(2\)
Cisco	Nx-Os	>= 7.0\(3\)i, < 7.0\(3\)i7\(8\)
Cisco	Nx-Os	< 7.3\(6\)n1\(1\)
Cisco	Nx-Os	< 6.2\(24\)
Cisco	Nx-Os	>= 7.2, < 7.3\(5\)d1\(1\)
Cisco	Nx-Os	>= 8.0, < 8.2\(5\)
Cisco	Nx-Os	>= 8.3, < 8.4\(2\)
Cisco	Nx-Os	< 13.2\(9b\)
Cisco	Nx-Os	>= 14.0, < 14.2\(1j\)
Cisco	Ucs Manager	< 3.2\(3m\)
Cisco	Ucs Manager	>= 4.0, < 4.0\(4g\)

References

http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.htmlThird Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dosVendor Advisory
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.htmlThird Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dosVendor Advisory

Timeline

Published: Feb 5, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-3120?

How severe is CVE-2020-3120?

CVE-2020-3120 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 2.03% probability of exploitation in the next 30 days.

How do I fix CVE-2020-3120?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-3120?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST