Researchers at IoT security firm Armis discovered a set of five serious vulnerabilities in the implementation of the Cisco Discovery Protocol (CDP) protocol. The experts tracked the set as CDPwn and warned that the issues could be exploited by attackers to take complete control of vulnerable devices.
Cisco Discovery Protocol (CDP) is a proprietary Data Link Layer protocol developed by Cisco Systems in 1994 that is used to share information about other directly connected Cisco equipment, including the operating system version and IP address.
The protocol is used by Cisco network equipment (switches, routers), IP phones, and cameras.
Four vulnerabilities of the CDPwn set are remote code execution (RCE) vulnerabilities, the other one is a Denial of Service (
An attacker could exploit the RCE vulnerabilities to break the network segmentation, to
Cisco has published security
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.