CVE-2020-3118CISA KEVEPSS p95.6%

CVE-2020-3118Cisco IOS XR Software Discovery Protocol Format String Vulnerability

Cisco / IOS XR

Description

Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.

Scoring

EPSS11.81% probability of exploitation · percentile 95.6% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryCisco IOS XR Software Discovery Protocol Format String Vulnerabilitykev-cve-2020-31180%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
CVE
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
CVE
CVE-2025-20138
CVE
CVE-2026-20040
CVE
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
CVE
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.