Armis, the leading enterprise IoT security company, announced the discovery of five zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP).
CDP is a Cisco Proprietary Layer 2 (Data Link Layer) network protocol that is used to discover information about locally attached Cisco equipment, which aids in mapping the presence of other Cisco products in the network. CDP is implemented in virtually all Cisco products including switches, routers, IP phones and IP cameras; many of these devices can not work properly without CDP, and do not offer the ability to turn it off.
According to Cisco, 95%+ Fortune 500 companies use Cisco Collaboration solutions. The vulnerabilities, collectively called CDPwn, could allow an attacker to remotely take-over tens of millions of devices.
Read more: Cyber Defense Magazine