CVE-2020-3118
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
CVSS
—
No CVSS
EPSS
11.7%
p96
KEV
YES
Nov 3, 2021
Exploit Today
79
0-100
Published: — · Last modified: —
11.7%EPSS · 30 days11.7%
2026-06-302026-07-16
Product
Cisco / IOS XR
Vulnerability
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-3118
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-20821—95.6%
KEV—79Cisco IOS XR Open Port Vulnerability—CVE-2010-3035—92.0%
KEV—78Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability—CVE-2020-3566—88.3%
KEV—76Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability—CVE-2009-2055—87.2%
KEV—76Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability—CVE-2020-3569—87.1%
KEV—76Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability—