Vulnerability Description
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | MDS 9506 Firmware | - |
| Cisco | MDS 9506 | - |
| Cisco | MDS 9513 Firmware | - |
| Cisco | MDS 9513 | - |
| Cisco | MDS 9706 Firmware | - |
| Cisco | MDS 9706 | - |
| Cisco | MDS 9710 Firmware | - |
| Cisco | MDS 9710 | - |
| Cisco | MDS 9718 Firmware | - |
| Cisco | MDS 9718 | - |
| Cisco | Nexus 1000V Firmware | - |
| Cisco | Nexus 1000V | - |
| Cisco | Nexus 3016 Firmware | - |
| Cisco | Nexus 3016 | - |
| Cisco | Nexus 3016Q Firmware | - |
| Cisco | Nexus 3016Q | - |
| Cisco | Nexus 3048 Firmware | - |
| Cisco | Nexus 3048 | - |
| Cisco | Nexus 3064 Firmware | - |
| Cisco | Nexus 3064 | - |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20220923-0001/ (Third Party Advisory)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n (Vendor Advisory)
FAQ
What is CVE-2022-20824?
CVE-2022-20824 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges...
How severe is CVE-2022-20824?
CVE-2022-20824 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-20824?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco MDS 9506 Firmware, Cisco MDS 9506, Cisco MDS 9513 Firmware, Cisco MDS 9513, Cisco MDS 9706 Firmware.