CVE-2022-20823
A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory.
EPSS 0.64% · 71.0th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | nexus_93600cd-gx_firmware | |
| cisco | nexus_7702_firmware | |
| cisco | nexus_9372px-e_firmware | |
| cisco | nexus_9500_firmware | |
| cisco | nexus_7000_9-slot_firmware | |
| cisco | nexus_93108tc-fx3p_firmware | |
| cisco | nexus_3064x_firmware | |
| cisco | nexus_92304qc_firmware | |
| cisco | nexus_3524-x\/xl_firmware | |
| cisco | nexus_3132q-x_firmware | |
| cisco | nexus_6001_firmware | |
| cisco | nexus_3100v_firmware | |
| cisco | nexus_31128pq_firmware | |
| cisco | nexus_31108pc-v_firmware | |
| cisco | nexus_93108tc-fx-24_firmware | |
| cisco | nexus_3548-x_firmware | |
| cisco | nexus_6001t_firmware | |
| cisco | nexus_3232c_firmware | |
| cisco | nexus_7000_10-slot_firmware | |
| cisco | nexus_9332c_firmware |
…and 128 more
Exploit Intelligence
Timeline
- Aug 25, 2022 CVE Published
- Aug 26, 2022 EPSS Score
- Oct 11, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
- Jan 10, 2023 EPSS Score
- Feb 24, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
- May 27, 2023 EPSS Score
- Jul 11, 2023 EPSS Score
- Aug 26, 2023 EPSS Score
- Oct 11, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
References
- 20220824 Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability vendor-advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-20823 advisory