
CVE-2022-20824

Published: 25/08/2022 Updated: 07/11/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent malicious user to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the malicious user to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Vulnerable Product

cisco mds_9506_firmware -

cisco mds_9513_firmware -

cisco mds_9706_firmware -

cisco mds_9710_firmware -

cisco mds_9718_firmware -

cisco nexus_1000v_firmware -

cisco nexus_3016_firmware -

cisco nexus_3016q_firmware -

cisco nexus_3048_firmware -

cisco nexus_3064_firmware -

cisco nexus_3064-32t_firmware -

cisco nexus_3064-t_firmware -

cisco nexus_3064-x_firmware -

cisco nexus_3064t_firmware -

cisco nexus_3064x_firmware -

cisco nexus_3100_firmware -

cisco nexus_3100-v_firmware -

cisco nexus_3100-z_firmware -

cisco nexus_3100v_firmware -

cisco nexus_31108pc-v_firmware -

cisco nexus_31108pv-v_firmware -

cisco nexus_31108tc-v_firmware -

cisco nexus_31128pq_firmware -

cisco nexus_3132c-z_firmware -

cisco nexus_3132q_firmware -

cisco nexus_3132q-v_firmware -

cisco nexus_3132q-x_firmware -

cisco nexus_3132q-x\/3132q-xl_firmware -

cisco nexus_3132q-xl_firmware -

cisco nexus_3164q_firmware -

cisco nexus_3172_firmware -

cisco nexus_3172pq_firmware -

cisco nexus_3172pq-xl_firmware -

cisco nexus_3172pq\/pq-xl_firmware -

cisco nexus_3172tq_firmware -

cisco nexus_3172tq-32t_firmware -

cisco nexus_3172tq-xl_firmware -

cisco nexus_3200_firmware -

cisco nexus_3232c_firmware -

cisco nexus_3232c__firmware -

cisco nexus_3264c-e_firmware -

cisco nexus_3264q_firmware -

cisco nexus_3400_firmware -

cisco nexus_3408-s_firmware -

cisco nexus_34180yc_firmware -

cisco nexus_34200yc-sm_firmware -

cisco nexus_3432d-s_firmware -

cisco nexus_3464c_firmware -

cisco nexus_3524_firmware -

cisco nexus_3524-x_firmware -

cisco nexus_3524-x\/xl_firmware -

cisco nexus_3524-xl_firmware -

cisco nexus_3548_firmware -

cisco nexus_3548-x_firmware -

cisco nexus_3548-x\/xl_firmware -

cisco nexus_3548-xl_firmware -

cisco nexus_36180yc-r_firmware -

cisco nexus_3636c-r_firmware -

cisco nexus_5548p_firmware -

cisco nexus_5548up_firmware -

cisco nexus_5596t_firmware -

cisco nexus_5596up_firmware -

cisco nexus_5600_firmware -

cisco nexus_56128p_firmware -

cisco nexus_5624q_firmware -

cisco nexus_5648q_firmware -

cisco nexus_5672up_firmware -

cisco nexus_5672up-16g_firmware -

cisco nexus_5696q_firmware -

cisco nexus_6000_firmware -

cisco nexus_6001_firmware -

cisco nexus_6001p_firmware -

cisco nexus_6001t_firmware -

cisco nexus_6004_firmware -

cisco nexus_6004x_firmware -

cisco nexus_7000_firmware -

cisco nexus_7000_supervisor_1_firmware -

cisco nexus_7000_supervisor_2_firmware -

cisco nexus_7000_supervisor_2e_firmware -

cisco nexus_7004_firmware -

cisco nexus_7009_firmware -

cisco nexus_7010_firmware -

cisco nexus_7018_firmware -

cisco nexus_7700_firmware -

cisco nexus_7700_supervisor_2e_firmware -

cisco nexus_7700_supervisor_3e_firmware -

cisco nexus_7702_firmware -

cisco nexus_7706_firmware -

cisco nexus_7710_firmware -

cisco nexus_7718_firmware -

cisco nexus_9000_firmware -

cisco nexus_9000v_firmware -

cisco nexus_9200_firmware -

cisco nexus_92160yc-x_firmware -

cisco nexus_9221c_firmware -

cisco nexus_92300yc_firmware -

cisco nexus_92304qc_firmware -

cisco nexus_92348gc-x_firmware -

cisco nexus_9236c_firmware -

cisco nexus_9272q_firmware -

cisco nexus_9300_firmware -

cisco nexus_93108tc-ex_firmware -

cisco nexus_93108tc-ex-24_firmware -

cisco nexus_93108tc-fx_firmware -

cisco nexus_93108tc-fx-24_firmware -

cisco nexus_93108tc-fx3p_firmware -

cisco nexus_93120tx_firmware -

cisco nexus_93128_firmware -

cisco nexus_93128tx_firmware -

cisco nexus_9316d-gx_firmware -

cisco nexus_93180lc-ex_firmware -

cisco nexus_93180tc-ex_firmware -

cisco nexus_93180yc-ex_firmware -

cisco nexus_93180yc-ex-24_firmware -

cisco nexus_93180yc-fx_firmware -

cisco nexus_93180yc-fx-24_firmware -

cisco nexus_93180yc-fx3_firmware -

cisco nexus_93180yc-fx3s_firmware -

cisco nexus_93216tc-fx2_firmware -

cisco nexus_93240yc-fx2_firmware -

cisco nexus_9332c_firmware -

cisco nexus_9332pq_firmware -

cisco nexus_93360yc-fx2_firmware -

cisco nexus_9336c-fx2_firmware -

cisco nexus_9336c-fx2-e_firmware -

cisco nexus_9336pq_firmware -

cisco nexus_9348gc-fxp_firmware -

cisco nexus_93600cd-gx_firmware -

cisco nexus_9364c_firmware -

cisco nexus_9364c-gx_firmware -

cisco nexus_9372px_firmware -

cisco nexus_9372px-e_firmware -

cisco nexus_9372tx_firmware -

cisco nexus_9372tx-e_firmware -

cisco nexus_9396px_firmware -

cisco nexus_9396tx_firmware -

cisco nexus_9500_supervisor_a_firmware -

cisco nexus_9500_supervisor_a\+_firmware -

cisco nexus_9500_supervisor_b_firmware -

cisco nexus_9500_supervisor_b\+_firmware -

cisco nexus_9500r_firmware -

cisco nexus_9504_firmware -

cisco nexus_9508_firmware -

cisco nexus_9516_firmware -

Vendor Advisories

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that ar ...