Any news as to when the QIDs for these vulnerabilities will be made available?
Cisco Confirms 5 Serious Security Threats To ‘Tens Of Millions’ Of Network Devices
Cisco CDPwn vulnerabilities released CVEs: CVE-2020-3120, CVE-2020-3119
QID 316559: Cisco NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability (cisco-sa-20200205-fxnxos-iosxr-cdp-dos) QID 316558: Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (cisco-sa-20200205-nxos-cdp-rce) Vulnsigs Version: VULNSIGS-2.4.815-2 Other CVEs are being worked upon and we will update here as soon as they are released.
We're currently investigating.
We have opened a New QID request for these also - watching this for updates also
Also very interested
Interested and waiting the QID
For CVE-2020-3119 (QID 316558), do you know why Qualys lists the CVSS Base score as 7.5, while Cisco has it listed as 8.8? (I realize NVD has not yet provided a score). That's quite a discrepancy, so I wanted to find out the reason for it.
Good catch! We updated the CVSS v3 score to 8.8.
I'm searching the Qualys knowledgebase for CVE-2020-3111 today, 2/13/2020, and I'm not getting any results. Can anyone else see anything?
A detection for CVE-2020-3111 is not in plan.
Retrieving data ...