A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Conclusion & alert: CVE-2020-3120 is rated Moderate Risk (55.1/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.03%). Core evidence: EPSS rose +1.71% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.32% | 2.03% | +1.71% |
| 2 | 2025-11-21 | 0.14% | 0.32% | +0.17% |
| 3 | 2025-11-18 | — | 0.14% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.5 | 3.1 | MEDIUM |
|
2.8 | 3.6 | [email protected] |
| 7.4 | 3.0 | HIGH |
|
2.8 | 4.0 | [email protected] |
| 6.1 | 2.0 | MEDIUM |
|
6.5 | 6.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| cisco | firepower_extensible_operating_system | <= 2.3.1.173 | cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:* |
| cisco | firepower_extensible_operating_system | >= 2.6, < 2.6.1.187 | cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:* |
| cisco | firepower_extensible_operating_system | >= 2.7, < 2.7.1.106 | cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:* |
| cisco | fxos | 2.4 | cpe:2.3:o:cisco:fxos:2.4:*:*:*:*:*:*:* |
| cisco | ios_xr | 5.2.5 | cpe:2.3:o:cisco:ios_xr:5.2.5:*:*:*:*:*:*:* |
| cisco | ios_xr | 6.4.2 | cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:* |
| cisco | ios_xr | 6.5.3 | cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:* |
| cisco | ios_xr | 6.6.25 | cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:* |
| cisco | ios_xr | 7.0.1 | cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:* |
| cisco | nx-os | >= 5.2, < 6.2\(29\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | >= 7.3, < 8.4\(1a\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | >= 5.2, < 5.2\(1\)sv5\(1.3\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | <= 5.2 | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | < 5.2\(1\)sv3\(4.1b\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | >= 7.0\(3\)f2, < 9.3\(2\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | >= 7.0\(3\)i, < 7.0\(3\)i7\(8\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | < 7.3\(6\)n1\(1\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | < 6.2\(24\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | >= 7.2, < 7.3\(5\)d1\(1\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | >= 8.0, < 8.2\(5\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | >= 8.3, < 8.4\(2\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | < 13.2\(9b\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | nx-os | >= 14.0, < 14.2\(1j\) | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
| cisco | ucs_manager | < 3.2\(3m\) | cpe:2.3:a:cisco:ucs_manager:*:*:*:*:*:*:*:* |
| cisco | ucs_manager | >= 4.0, < 4.0\(4g\) | cpe:2.3:a:cisco:ucs_manager:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html | Third Party Advisory VDB Entry |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos | Vendor Advisory |