CVE-2022-20824

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.8HIGH

EPSS

0.1%

top 65.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Nx-os Software

Timeline

PublishedAug 25

Latest updateAug 26

Description

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5cisco/cisco_nx-os_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-4h78-xq9p-vv4g: A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attac↗2022-08-26

▶

CVEList

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability↗2022-08-25

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability↗2022-08-24

▶