CVE-2020-3119 - Cisco CDP does this affect Meraki MX?

Danny1
New here

CVE-2020-3119 - Cisco CDP does this affect Meraki MX?

Hi,

 

Cisco have recently released an update for the CDPwn vulnerability... does anyone know if this exploit also applies to Merkai devices? I can't find any mention of it from Meraki at all...

 

Edit: Apologies if this in the wrong place, and may be more MS related?

7 Replies 7
NolanHerring
Kind of a big deal

I'm going to say that is a no, since Meraki switches do not run the firmware/software that the Cisco switches run on. Only unknown would be the new MS390 but even then I'm pretty sure its still not an issue.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
NolanHerring
Kind of a big deal

Also CDP is proprietary to Cisco, but I believe Meraki can 'hear' CDP but won't send CDP.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
jdsilva
Kind of a big deal


@NolanHerring wrote:
Also CDP is proprietary to Cisco, but I believe Meraki can 'hear' CDP but won't send CDP.

MX hears, but doesn't send, that's for sure. I'm pretty sure MS sends CDP though.

 

https://meraki.cisco.com/blog/2013/08/check-out-the-ms-switches-cdp-support-for-voice-vlans/

 

I'm not sure about MR.

 

 

Nothing about this has been posted on the Meraki Customer Advisories page. Best bet might be to call Support nad confirm.

 

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

NolanHerring
Kind of a big deal

Oh? I figured CDP being 'cisco' wasn't baked into Meraki MS gear, but they were able to understand it. Can't seem to find anything on the subject other than it works for voice vlans for cisco phones.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Nash
Kind of a big deal

Re: Meraki sending CDP vs. just receiving it

 

If you look at the getNetworkDeviceLldp_cdp call for, e.g., a switch with Meraki equipment hanging off of it...

 

1. MX only seems to send LLDP.

 

"2": {
    "lldp": {
        "sourcePort": "2",
        "systemName": "Meraki MX64",
        "portId": "2"
    }
}

 



2. MR sends both:

 

"1": {
    "cdp": {
        "sourcePort": "1",
        "deviceId": "e0cbbc######",
        "address": "192.168.2.105",
        "portId": "Port 0"
    },
    "lldp": {
        "sourcePort": "1",
        "systemName": "MR74",
        "portId": "0"
    }
}

 

3. MS sends both:

 

"48": {
    "lldp": {
        "sourcePort": "48",
        "systemName": "Meraki MS120-48FP",
        "managementAddress": "192.168.2.4",
        "portId": "2"
    },
    "cdp": {
        "sourcePort": "48",
        "deviceId": "ac17c8######",
        "address": "192.168.2.4",
        "portId": "Port 2"
    }
}

 

 

cmr
Kind of a big deal
Kind of a big deal

Seeing as the CDP vulnerability doesn't affect IOS, IOS XE or many other 'midrange' products I'd be quite surprised if they were affected.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
hockeydude
Getting noticed

Meraki Support says it only affects IOS...

 

Greetings,

This exploit is only on IOS firmware. Meraki devices are not affected. the full list of affected devices can be found here:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce

Thank you,

Cisco Meraki Technical Support

Get notified when there are additional replies to this discussion.