Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20824

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.8, indicating it requires adjacent network access with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 288 products from cisco, from cisco, from cisco and 285 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-08-25T19:15:08.217

Last Modified

2024-11-21T06:43:37.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	mds_9506_firmware	-	Yes
Hardware	cisco	mds_9506	-	No
Operating System	cisco	mds_9513_firmware	-	Yes
Hardware	cisco	mds_9513	-	No
Operating System	cisco	mds_9706_firmware	-	Yes
Hardware	cisco	mds_9706	-	No
Operating System	cisco	mds_9710_firmware	-	Yes
Hardware	cisco	mds_9710	-	No
Operating System	cisco	mds_9718_firmware	-	Yes
Hardware	cisco	mds_9718	-	No
Operating System	cisco	nexus_1000v_firmware	-	Yes
Hardware	cisco	nexus_1000v	-	No
Operating System	cisco	nexus_3016_firmware	-	Yes
Hardware	cisco	nexus_3016	-	No
Operating System	cisco	nexus_3016q_firmware	-	Yes
Hardware	cisco	nexus_3016q	-	No
Operating System	cisco	nexus_3048_firmware	-	Yes
Hardware	cisco	nexus_3048	-	No
Operating System	cisco	nexus_3064_firmware	-	Yes
Hardware	cisco	nexus_3064	-	No
Operating System	cisco	nexus_3064-32t_firmware	-	Yes
Hardware	cisco	nexus_3064-32t	-	No
Operating System	cisco	nexus_3064-t_firmware	-	Yes
Hardware	cisco	nexus_3064-t	-	No
Operating System	cisco	nexus_3064-x_firmware	-	Yes
Hardware	cisco	nexus_3064-x	-	No
Operating System	cisco	nexus_3064t_firmware	-	Yes
Hardware	cisco	nexus_3064t	-	No
Operating System	cisco	nexus_3064x_firmware	-	Yes
Hardware	cisco	nexus_3064x	-	No
Operating System	cisco	nexus_3100_firmware	-	Yes
Hardware	cisco	nexus_3100	-	No
Operating System	cisco	nexus_3100-v_firmware	-	Yes
Hardware	cisco	nexus_3100-v	-	No
Operating System	cisco	nexus_3100-z_firmware	-	Yes
Hardware	cisco	nexus_3100-z	-	No
Operating System	cisco	nexus_3100v_firmware	-	Yes
Hardware	cisco	nexus_3100v	-	No
Operating System	cisco	nexus_31108pc-v_firmware	-	Yes
Hardware	cisco	nexus_31108pc-v	-	No
Operating System	cisco	nexus_31108pv-v_firmware	-	Yes
Hardware	cisco	nexus_31108pv-v	-	No
Operating System	cisco	nexus_31108tc-v_firmware	-	Yes
Hardware	cisco	nexus_31108tc-v	-	No
Operating System	cisco	nexus_31128pq_firmware	-	Yes
Hardware	cisco	nexus_31128pq	-	No
Operating System	cisco	nexus_3132c-z_firmware	-	Yes
Hardware	cisco	nexus_3132c-z	-	No
Operating System	cisco	nexus_3132q_firmware	-	Yes
Hardware	cisco	nexus_3132q	-	No
Operating System	cisco	nexus_3132q-v_firmware	-	Yes
Hardware	cisco	nexus_3132q-v	-	No
Operating System	cisco	nexus_3132q-x_firmware	-	Yes
Hardware	cisco	nexus_3132q-x	-	No
Operating System	cisco	nexus_3132q-x\/3132q-xl_firmware	-	Yes
Hardware	cisco	nexus_3132q-x\/3132q-xl	-	No
Operating System	cisco	nexus_3132q-xl_firmware	-	Yes
Hardware	cisco	nexus_3132q-xl	-	No
Operating System	cisco	nexus_3164q_firmware	-	Yes
Hardware	cisco	nexus_3164q	-	No
Operating System	cisco	nexus_3172_firmware	-	Yes
Hardware	cisco	nexus_3172	-	No
Operating System	cisco	nexus_3172pq_firmware	-	Yes
Hardware	cisco	nexus_3172pq	-	No
Operating System	cisco	nexus_3172pq-xl_firmware	-	Yes
Hardware	cisco	nexus_3172pq-xl	-	No
Operating System	cisco	nexus_3172pq\/pq-xl_firmware	-	Yes
Hardware	cisco	nexus_3172pq\/pq-xl	-	No
Operating System	cisco	nexus_3172tq_firmware	-	Yes
Hardware	cisco	nexus_3172tq	-	No
Operating System	cisco	nexus_3172tq-32t_firmware	-	Yes
Hardware	cisco	nexus_3172tq-32t	-	No
Operating System	cisco	nexus_3172tq-xl_firmware	-	Yes
Hardware	cisco	nexus_3172tq-xl	-	No
Operating System	cisco	nexus_3200_firmware	-	Yes
Hardware	cisco	nexus_3200	-	No
Operating System	cisco	nexus_3232c_firmware	-	Yes
Hardware	cisco	nexus_3232c	-	No
Operating System	cisco	nexus_3232c__firmware	-	Yes
Hardware	cisco	nexus_3232c_	-	No
Operating System	cisco	nexus_3264c-e_firmware	-	Yes
Hardware	cisco	nexus_3264c-e	-	No
Operating System	cisco	nexus_3264q_firmware	-	Yes
Hardware	cisco	nexus_3264q	-	No
Operating System	cisco	nexus_3400_firmware	-	Yes
Hardware	cisco	nexus_3400	-	No
Operating System	cisco	nexus_3408-s_firmware	-	Yes
Hardware	cisco	nexus_3408-s	-	No
Operating System	cisco	nexus_34180yc_firmware	-	Yes
Hardware	cisco	nexus_34180yc	-	No
Operating System	cisco	nexus_34200yc-sm_firmware	-	Yes
Hardware	cisco	nexus_34200yc-sm	-	No
Operating System	cisco	nexus_3432d-s_firmware	-	Yes
Hardware	cisco	nexus_3432d-s	-	No
Operating System	cisco	nexus_3464c_firmware	-	Yes
Hardware	cisco	nexus_3464c	-	No
Operating System	cisco	nexus_3524_firmware	-	Yes
Hardware	cisco	nexus_3524	-	No
Operating System	cisco	nexus_3524-x_firmware	-	Yes
Hardware	cisco	nexus_3524-x	-	No
Operating System	cisco	nexus_3524-x\/xl_firmware	-	Yes
Hardware	cisco	nexus_3524-x\/xl	-	No
Operating System	cisco	nexus_3524-xl_firmware	-	Yes
Hardware	cisco	nexus_3524-xl	-	No
Operating System	cisco	nexus_3548_firmware	-	Yes
Hardware	cisco	nexus_3548	-	No
Operating System	cisco	nexus_3548-x_firmware	-	Yes
Hardware	cisco	nexus_3548-x	-	No
Operating System	cisco	nexus_3548-x\/xl_firmware	-	Yes
Hardware	cisco	nexus_3548-x\/xl	-	No
Operating System	cisco	nexus_3548-xl_firmware	-	Yes
Hardware	cisco	nexus_3548-xl	-	No
Operating System	cisco	nexus_36180yc-r_firmware	-	Yes
Hardware	cisco	nexus_36180yc-r	-	No
Operating System	cisco	nexus_3636c-r_firmware	-	Yes
Hardware	cisco	nexus_3636c-r	-	No
Operating System	cisco	nexus_5548p_firmware	-	Yes
Hardware	cisco	nexus_5548p	-	No
Operating System	cisco	nexus_5548up_firmware	-	Yes
Hardware	cisco	nexus_5548up	-	No
Operating System	cisco	nexus_5596t_firmware	-	Yes
Hardware	cisco	nexus_5596t	-	No
Operating System	cisco	nexus_5596up_firmware	-	Yes
Hardware	cisco	nexus_5596up	-	No
Operating System	cisco	nexus_5600_firmware	-	Yes
Hardware	cisco	nexus_5600	-	No
Operating System	cisco	nexus_56128p_firmware	-	Yes
Hardware	cisco	nexus_56128p	-	No
Operating System	cisco	nexus_5624q_firmware	-	Yes
Hardware	cisco	nexus_5624q	-	No
Operating System	cisco	nexus_5648q_firmware	-	Yes
Hardware	cisco	nexus_5648q	-	No
Operating System	cisco	nexus_5672up_firmware	-	Yes
Hardware	cisco	nexus_5672up	-	No
Operating System	cisco	nexus_5672up-16g_firmware	-	Yes
Hardware	cisco	nexus_5672up-16g	-	No
Operating System	cisco	nexus_5696q_firmware	-	Yes
Hardware	cisco	nexus_5696q	-	No
Operating System	cisco	nexus_6000_firmware	-	Yes
Hardware	cisco	nexus_6000	-	No
Operating System	cisco	nexus_6001_firmware	-	Yes
Hardware	cisco	nexus_6001	-	No
Operating System	cisco	nexus_6001p_firmware	-	Yes
Hardware	cisco	nexus_6001p	-	No
Operating System	cisco	nexus_6001t_firmware	-	Yes
Hardware	cisco	nexus_6001t	-	No
Operating System	cisco	nexus_6004_firmware	-	Yes
Hardware	cisco	nexus_6004	-	No
Operating System	cisco	nexus_6004x_firmware	-	Yes
Hardware	cisco	nexus_6004x	-	No
Operating System	cisco	nexus_7000_firmware	-	Yes
Hardware	cisco	nexus_7000	-	No
Operating System	cisco	nexus_7000_supervisor_1_firmware	-	Yes
Hardware	cisco	nexus_7000_supervisor_1	-	No
Operating System	cisco	nexus_7000_supervisor_2_firmware	-	Yes
Hardware	cisco	nexus_7000_supervisor_2	-	No
Operating System	cisco	nexus_7000_supervisor_2e_firmware	-	Yes
Hardware	cisco	nexus_7000_supervisor_2e	-	No
Operating System	cisco	nexus_7004_firmware	-	Yes
Hardware	cisco	nexus_7004	-	No
Operating System	cisco	nexus_7009_firmware	-	Yes
Hardware	cisco	nexus_7009	-	No
Operating System	cisco	nexus_7010_firmware	-	Yes
Hardware	cisco	nexus_7010	-	No
Operating System	cisco	nexus_7018_firmware	-	Yes
Hardware	cisco	nexus_7018	-	No
Operating System	cisco	nexus_7700_firmware	-	Yes
Hardware	cisco	nexus_7700	-	No
Operating System	cisco	nexus_7700_supervisor_2e_firmware	-	Yes
Hardware	cisco	nexus_7700_supervisor_2e	-	No
Operating System	cisco	nexus_7700_supervisor_3e_firmware	-	Yes
Hardware	cisco	nexus_7700_supervisor_3e	-	No
Operating System	cisco	nexus_7702_firmware	-	Yes
Hardware	cisco	nexus_7702	-	No
Operating System	cisco	nexus_7706_firmware	-	Yes
Hardware	cisco	nexus_7706	-	No
Operating System	cisco	nexus_7710_firmware	-	Yes
Hardware	cisco	nexus_7710	-	No
Operating System	cisco	nexus_7718_firmware	-	Yes
Hardware	cisco	nexus_7718	-	No
Operating System	cisco	nexus_9000_firmware	-	Yes
Hardware	cisco	nexus_9000	-	No
Operating System	cisco	nexus_9000v_firmware	-	Yes
Hardware	cisco	nexus_9000v	-	No
Operating System	cisco	nexus_9200_firmware	-	Yes
Hardware	cisco	nexus_9200	-	No
Operating System	cisco	nexus_92160yc-x_firmware	-	Yes
Hardware	cisco	nexus_92160yc-x	-	No
Operating System	cisco	nexus_9221c_firmware	-	Yes
Hardware	cisco	nexus_9221c	-	No
Operating System	cisco	nexus_92300yc_firmware	-	Yes
Hardware	cisco	nexus_92300yc	-	No
Operating System	cisco	nexus_92304qc_firmware	-	Yes
Hardware	cisco	nexus_92304qc	-	No
Operating System	cisco	nexus_92348gc-x_firmware	-	Yes
Hardware	cisco	nexus_92348gc-x	-	No
Operating System	cisco	nexus_9236c_firmware	-	Yes
Hardware	cisco	nexus_9236c	-	No
Operating System	cisco	nexus_9272q_firmware	-	Yes
Hardware	cisco	nexus_9272q	-	No
Operating System	cisco	nexus_9300_firmware	-	Yes
Hardware	cisco	nexus_9300	-	No
Operating System	cisco	nexus_93108tc-ex_firmware	-	Yes
Hardware	cisco	nexus_93108tc-ex	-	No
Operating System	cisco	nexus_93108tc-ex-24_firmware	-	Yes
Hardware	cisco	nexus_93108tc-ex-24	-	No
Operating System	cisco	nexus_93108tc-fx_firmware	-	Yes
Hardware	cisco	nexus_93108tc-fx	-	No
Operating System	cisco	nexus_93108tc-fx-24_firmware	-	Yes
Hardware	cisco	nexus_93108tc-fx-24	-	No
Operating System	cisco	nexus_93108tc-fx3p_firmware	-	Yes
Hardware	cisco	nexus_93108tc-fx3p	-	No
Operating System	cisco	nexus_93120tx_firmware	-	Yes
Hardware	cisco	nexus_93120tx	-	No
Operating System	cisco	nexus_93128_firmware	-	Yes
Hardware	cisco	nexus_93128	-	No
Operating System	cisco	nexus_93128tx_firmware	-	Yes
Hardware	cisco	nexus_93128tx	-	No
Operating System	cisco	nexus_9316d-gx_firmware	-	Yes
Hardware	cisco	nexus_9316d-gx	-	No
Operating System	cisco	nexus_93180lc-ex_firmware	-	Yes
Hardware	cisco	nexus_93180lc-ex	-	No
Operating System	cisco	nexus_93180tc-ex_firmware	-	Yes
Hardware	cisco	nexus_93180tc-ex	-	No
Operating System	cisco	nexus_93180yc-ex_firmware	-	Yes
Hardware	cisco	nexus_93180yc-ex	-	No
Operating System	cisco	nexus_93180yc-ex-24_firmware	-	Yes
Hardware	cisco	nexus_93180yc-ex-24	-	No
Operating System	cisco	nexus_93180yc-fx_firmware	-	Yes
Hardware	cisco	nexus_93180yc-fx	-	No
Operating System	cisco	nexus_93180yc-fx-24_firmware	-	Yes
Hardware	cisco	nexus_93180yc-fx-24	-	No
Operating System	cisco	nexus_93180yc-fx3_firmware	-	Yes
Hardware	cisco	nexus_93180yc-fx3	-	No
Operating System	cisco	nexus_93180yc-fx3s_firmware	-	Yes
Hardware	cisco	nexus_93180yc-fx3s	-	No
Operating System	cisco	nexus_93216tc-fx2_firmware	-	Yes
Hardware	cisco	nexus_93216tc-fx2	-	No
Operating System	cisco	nexus_93240yc-fx2_firmware	-	Yes
Hardware	cisco	nexus_93240yc-fx2	-	No
Operating System	cisco	nexus_9332c_firmware	-	Yes
Hardware	cisco	nexus_9332c	-	No
Operating System	cisco	nexus_9332pq_firmware	-	Yes
Hardware	cisco	nexus_9332pq	-	No
Operating System	cisco	nexus_93360yc-fx2_firmware	-	Yes
Hardware	cisco	nexus_93360yc-fx2	-	No
Operating System	cisco	nexus_9336c-fx2_firmware	-	Yes
Hardware	cisco	nexus_9336c-fx2	-	No
Operating System	cisco	nexus_9336c-fx2-e_firmware	-	Yes
Hardware	cisco	nexus_9336c-fx2-e	-	No
Operating System	cisco	nexus_9336pq_firmware	-	Yes
Hardware	cisco	nexus_9336pq	-	No
Operating System	cisco	nexus_9348gc-fxp_firmware	-	Yes
Hardware	cisco	nexus_9348gc-fxp	-	No
Operating System	cisco	nexus_93600cd-gx_firmware	-	Yes
Hardware	cisco	nexus_93600cd-gx	-	No
Operating System	cisco	nexus_9364c_firmware	-	Yes
Hardware	cisco	nexus_9364c	-	No
Operating System	cisco	nexus_9364c-gx_firmware	-	Yes
Hardware	cisco	nexus_9364c-gx	-	No
Operating System	cisco	nexus_9372px_firmware	-	Yes
Hardware	cisco	nexus_9372px	-	No
Operating System	cisco	nexus_9372px-e_firmware	-	Yes
Hardware	cisco	nexus_9372px-e	-	No
Operating System	cisco	nexus_9372tx_firmware	-	Yes
Hardware	cisco	nexus_9372tx	-	No
Operating System	cisco	nexus_9372tx-e_firmware	-	Yes
Hardware	cisco	nexus_9372tx-e	-	No
Operating System	cisco	nexus_9396px_firmware	-	Yes
Hardware	cisco	nexus_9396px	-	No
Operating System	cisco	nexus_9396tx_firmware	-	Yes
Hardware	cisco	nexus_9396tx	-	No
Operating System	cisco	nexus_9500_supervisor_a_firmware	-	Yes
Hardware	cisco	nexus_9500_supervisor_a	-	No
Operating System	cisco	nexus_9500_supervisor_a\+_firmware	-	Yes
Hardware	cisco	nexus_9500_supervisor_a\+	-	No
Operating System	cisco	nexus_9500_supervisor_b_firmware	-	Yes
Hardware	cisco	nexus_9500_supervisor_b	-	No
Operating System	cisco	nexus_9500_supervisor_b\+_firmware	-	Yes
Hardware	cisco	nexus_9500_supervisor_b\+	-	No
Operating System	cisco	nexus_9500r_firmware	-	Yes
Hardware	cisco	nexus_9500r	-	No
Operating System	cisco	nexus_9504_firmware	-	Yes
Hardware	cisco	nexus_9504	-	No
Operating System	cisco	nexus_9508_firmware	-	Yes
Hardware	cisco	nexus_9508	-	No
Operating System	cisco	nexus_9516_firmware	-	Yes
Hardware	cisco	nexus_9516	-	No

References

https://security.netapp.com/advisory/ntap-20220923-0001/ Third Party Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9 Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20220923-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.