Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol (CDP), the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. The flaws exist in the parsing of CDP packets, in the protocol implementation for various Cisco products, from its software to IP cameras. Cisco issued patches on Wednesday addressing the flaws, and is urging users to update as soon as possible. Researchers say that the vulnerabilities, which they collectively call CDPwn, can allow attackers to remotely take over millions of devices.
Source: https://threatpost.com/behind-cdpwn-discovering-critical-cisco-protocol-flaws/152530/