Meraki

Community

CVE-2020-3119 - Cisco CDP does this affect Meraki MX?

Danny1
New here
‎Feb 7 2020 6:34 AM
‎Feb 7 2020 6:34 AM

CVE-2020-3119 - Cisco CDP does this affect Meraki MX?

Hi,

 

Cisco have recently released an update for the CDPwn vulnerability... does anyone know if this exploit also applies to Merkai devices? I can't find any mention of it from Meraki at all...

 

Edit: Apologies if this in the wrong place, and may be more MS related?

0 Kudos
7 Replies 7
NolanHerring
Kind of a big deal
‎Feb 7 2020 7:42 AM
‎Feb 7 2020 7:42 AM

I'm going to say that is a no, since Meraki switches do not run the firmware/software that the Cisco switches run on. Only unknown would be the new MS390 but even then I'm pretty sure its still not an issue.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
In response to NolanHerring
NolanHerring
Kind of a big deal
‎Feb 7 2020 7:44 AM
‎Feb 7 2020 7:44 AM

Also CDP is proprietary to Cisco, but I believe Meraki can 'hear' CDP but won't send CDP.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
In response to NolanHerring
jdsilva
Kind of a big deal
‎Feb 7 2020 7:54 AM
‎Feb 7 2020 7:54 AM

@NolanHerring wrote:
Also CDP is proprietary to Cisco, but I believe Meraki can 'hear' CDP but won't send CDP.

MX hears, but doesn't send, that's for sure. I'm pretty sure MS sends CDP though.

 

https://meraki.cisco.com/blog/2013/08/check-out-the-ms-switches-cdp-support-for-voice-vlans/

 

I'm not sure about MR.

 

 

Nothing about this has been posted on the Meraki Customer Advisories page. Best bet might be to call Support nad confirm.

 

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
In response to jdsilva
NolanHerring
Kind of a big deal
‎Feb 7 2020 8:02 AM
‎Feb 7 2020 8:02 AM

Oh? I figured CDP being 'cisco' wasn't baked into Meraki MS gear, but they were able to understand it. Can't seem to find anything on the subject other than it works for voice vlans for cisco phones.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
In response to NolanHerring
Nash
Kind of a big deal
‎Feb 7 2020 11:26 AM
‎Feb 7 2020 11:26 AM

Re: Meraki sending CDP vs. just receiving it

 

If you look at the getNetworkDeviceLldp_cdp call for, e.g., a switch with Meraki equipment hanging off of it...

 

1. MX only seems to send LLDP.

 

"2": {
    "lldp": {
        "sourcePort": "2",
        "systemName": "Meraki MX64",
        "portId": "2"
    }
}

 



2. MR sends both:

 

"1": {
    "cdp": {
        "sourcePort": "1",
        "deviceId": "e0cbbc######",
        "address": "192.168.2.105",
        "portId": "Port 0"
    },
    "lldp": {
        "sourcePort": "1",
        "systemName": "MR74",
        "portId": "0"
    }
}

 

3. MS sends both:

 

"48": {
    "lldp": {
        "sourcePort": "48",
        "systemName": "Meraki MS120-48FP",
        "managementAddress": "192.168.2.4",
        "portId": "2"
    },
    "cdp": {
        "sourcePort": "48",
        "deviceId": "ac17c8######",
        "address": "192.168.2.4",
        "portId": "Port 2"
    }
}

 

 

Windows 10 Client VPN scripts: Makes life better!
In response to Nash
cmr
Kind of a big deal
Kind of a big deal
‎Feb 7 2020 1:46 PM
‎Feb 7 2020 1:46 PM

Seeing as the CDP vulnerability doesn't affect IOS, IOS XE or many other 'midrange' products I'd be quite surprised if they were affected.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
hockeydude
Getting noticed
‎Feb 10 2020 9:59 AM
‎Feb 10 2020 9:59 AM

Meraki Support says it only affects IOS...

 

Greetings,

This exploit is only on IOS firmware. Meraki devices are not affected. the full list of affected devices can be found here:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce

Thank you,

Cisco Meraki Technical Support

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.