CVE-2022-20625: Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability
First published: Wed Feb 23 2022(Updated: )
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Extensible Operating System | <2.3.1.219 | |
| Cisco Firepower Extensible Operating System | >=2.4<2.9.1.158 | |
| Cisco Firepower Extensible Operating System | >=2.10<2.10.1.179 | |
| Cisco Firepower 4110 Next-Generation Firewall | ||
| Cisco Firepower 4112 Firmware | ||
| Cisco Firepower 4115 | ||
| Cisco Firepower 4120 Next-Generation Firewall | ||
| Cisco Firepower 4125 firmware | ||
| Cisco Firepower 4140 Next-Generation Firewall | ||
| Cisco Firepower 4145 firmware | ||
| Cisco Firepower 4150 Next-Generation Firewall | ||
| Cisco Firepower 9300 firmware | ||
| Cisco NX-OS | =8.2\(7.34\) | |
| Cisco MDS 9132T | ||
| Cisco MDS 9148S | ||
| Cisco MDS 9148T | ||
| Cisco MDS 9222i | ||
| Cisco MDS 9250i | ||
| Cisco MDS 9396S | ||
| Cisco MDS 9396T | ||
| Cisco MDS 9500 | ||
| Cisco MDS 9513 Firmware | ||
| Cisco MDS 9706 Firmware | ||
| Cisco MDS 9710 Firmware | ||
| Cisco MDS 9718 Firmware | ||
| Cisco Nexus 7000 Series Switch - n77-f312ck-26 | ||
| Cisco Nexus 7000 Series n77-f324fq-25 | ||
| Cisco Nexus 7700 Series Switch | ||
| Cisco Nexus 7700 series | ||
| Cisco Nexus 7000 Series N77-M312CQ-26L | ||
| Cisco Nexus 7000 Series n7k-m324fq-25l | ||
| Cisco Nexus 7000 Series Switch (N77-M348XP-23L) | ||
| Cisco Nexus 7000 n7k-f248xp-25e | ||
| Cisco Nexus 7000 Series Switch - N7K-F306CK-25 | ||
| Cisco Nexus 7000 Series Switch | ||
| Cisco Nexus 7000 Series Switches | ||
| Cisco Nexus 7000 Series N7K-M206FQ-23L | ||
| Cisco NEXUS 7000 Series Switch (Model N7K-M224XP-23L) | ||
| Cisco Nexus 7000 Series n7k-m324fq-25l | ||
| Cisco Nexus 7000 Series N7K-M348XP-25L | ||
| Cisco Nexus 7000 | ||
| Cisco Nexus 7000 | ||
| Cisco Nexus 7000 | ||
| Cisco Nexus 7000 9-Slot Firmware | ||
| Cisco Nexus 7000 Supervisor 1 Firmware | ||
| Cisco Nexus 7000 Supervisor 2E | ||
| Cisco Nexus 7000 Supervisor 2E Firmware | ||
| Cisco Nexus 7700 series | ||
| Cisco Nexus 7700 series | ||
| Cisco Nexus 7700 series | ||
| Cisco Nexus 7700 6-slot | ||
| Cisco Nexus 7700 Supervisor 2E Firmware | ||
| Cisco Nexus 7700 Supervisor 3E Firmware | ||
| Cisco NX-OS | =5.2\(1\)sv5\(1.3b\) | |
| Cisco Nexus 1000V for Hyper-V | ||
| Cisco Nexus 1000V | ||
| Cisco Nexus 1000V for VMware vSphere | ||
| Cisco NX-OS | =9.3\(8.15\) | |
| Cisco Nexus 9000 Series N9K-C9316D-GX | ||
| Cisco Nexus 9332D-GX2B | ||
| Cisco Nexus 9348D-GX2A | ||
| Cisco Nexus 9000 Series Switch N9K-C93600CD-GX | ||
| Cisco Nexus 9364D-GX2A | ||
| Cisco Nexus 3048 Firmware | ||
| Cisco Nexus 31108PC-V Firmware | ||
| Cisco Nexus 31108TC-V Firmware | ||
| Cisco Nexus 31128PQ | ||
| Cisco Nexus 3132C-Z Firmware | ||
| Cisco Nexus 3132Q-V Firmware | ||
| Cisco Nexus 3132Q-X/3132Q-XL | ||
| Cisco Nexus 3132Q-XL Firmware | ||
| Cisco Nexus 3164Q Firmware | ||
| Cisco Nexus 3172PQ/PQ-XL | ||
| Cisco Nexus 3172PQ-XL Firmware | ||
| Cisco Nexus 3172TQ-XL Firmware | ||
| Cisco Nexus 3232C | ||
| Cisco Nexus 3264C-E Firmware | ||
| Cisco Nexus 3264Q Firmware | ||
| Cisco Nexus 3408-S Firmware | ||
| Cisco Nexus 34180YC Firmware | ||
| Cisco Nexus 3432D-S Firmware | ||
| Cisco Nexus 3464C Firmware | ||
| Cisco Nexus 3524-xl | ||
| Cisco Nexus 3524-XL Firmware | ||
| Cisco Nexus 3548-X/XL | ||
| Cisco Nexus 3548-X/XL | ||
| Cisco Nexus 36180YC-R Firmware | ||
| Cisco Nexus 3636C-R Firmware | ||
| Cisco Nexus 92160YC Switch | ||
| Cisco Nexus 92300YC Firmware | ||
| Cisco Nexus 92304QC Switch | ||
| Cisco Nexus 92348GC-X Switch | ||
| Cisco Nexus 9236C Switch | ||
| Cisco Nexus 9272Q Switch | ||
| Cisco Nexus | ||
| Cisco Nexus 93108TC-FX Switch | ||
| Cisco Nexus 93108TC-FX3P Firmware | ||
| Cisco Nexus 93120TX Firmware | ||
| Cisco Nexus 93216TC-FX2 Firmware | ||
| Cisco Nexus 9332C Firmware | ||
| Cisco Nexus 9336C-FX2 Firmware | ||
| Cisco Nexus 9336C-FX2-E Firmware | ||
| Cisco Nexus 9348GC-FXP Firmware | ||
| Cisco Nexus 9364c-h1 | ||
| Cisco Nexus 9364C-GX Firmware | ||
| Cisco Nexus 9504 firmware | ||
| Cisco Nexus 9508 | ||
| Cisco Nexus 9516 firmware | ||
| Cisco NX-OS | =4.0\(1a\)a | |
| Cisco UCS 64108 | ||
| Cisco UCS 6454 Fabric Interconnect | ||
| Cisco NX-OS | =4.1\(3f\)c | |
| Cisco UCS 6248UP | ||
| Cisco UCS 6296UP | ||
| Cisco UCS 6324 firmware | ||
| Cisco UCS 6332 | ||
| Cisco UCS 6332-16UP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-20625?
The severity of CVE-2022-20625 is considered high due to its denial of service (DoS) potential.
How do I fix CVE-2022-20625?
To fix CVE-2022-20625, update the affected Cisco FXOS Software or Cisco NX-OS Software to the latest patched version.
Which Cisco products are affected by CVE-2022-20625?
CVE-2022-20625 affects various versions of Cisco Firepower Extensible Operating System and specific releases of Cisco NX-OS.
Can CVE-2022-20625 be exploited remotely?
No, CVE-2022-20625 requires an unauthenticated, adjacent attacker to exploit the vulnerability.
What are the consequences of exploiting CVE-2022-20625?
Exploiting CVE-2022-20625 can lead to a restart of the Cisco Discovery Protocol service, creating a denial of service condition.
- agent/type
- agent/weakness
- agent/severity
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/cisco
- canonical/cisco firepower extensible operating system
- version/cisco firepower extensible operating system/2.4
- version/cisco firepower extensible operating system/2.10
- canonical/cisco firepower 4110 next-generation firewall
- canonical/cisco firepower 4112 firmware
- canonical/cisco firepower 4115
- canonical/cisco firepower 4120 next-generation firewall
- canonical/cisco firepower 4125 firmware
- canonical/cisco firepower 4140 next-generation firewall
- canonical/cisco firepower 4145 firmware
- canonical/cisco firepower 4150 next-generation firewall
- canonical/cisco firepower 9300 firmware
- canonical/cisco nx-os
- version/cisco nx-os/8.2\(7.34\)
- canonical/cisco mds 9132t
- canonical/cisco mds 9148s
- canonical/cisco mds 9148t
- canonical/cisco mds 9222i
- canonical/cisco mds 9250i
- canonical/cisco mds 9396s
- canonical/cisco mds 9396t
- canonical/cisco mds 9500
- canonical/cisco mds 9513 firmware
- canonical/cisco mds 9706 firmware
- canonical/cisco mds 9710 firmware
- canonical/cisco mds 9718 firmware
- canonical/cisco nexus 7000 series switch - n77-f312ck-26
- canonical/cisco nexus 7000 series n77-f324fq-25
- canonical/cisco nexus 7700 series switch
- canonical/cisco nexus 7700 series
- canonical/cisco nexus 7000 series n77-m312cq-26l
- canonical/cisco nexus 7000 series n7k-m324fq-25l
- canonical/cisco nexus 7000 series switch (n77-m348xp-23l)
- canonical/cisco nexus 7000 n7k-f248xp-25e
- canonical/cisco nexus 7000 series switch - n7k-f306ck-25
- canonical/cisco nexus 7000 series switch
- canonical/cisco nexus 7000 series switches
- canonical/cisco nexus 7000 series n7k-m206fq-23l
- canonical/cisco nexus 7000 series switch (model n7k-m224xp-23l)
- canonical/cisco nexus 7000 series n7k-m348xp-25l
- canonical/cisco nexus 7000
- canonical/cisco nexus 7000 9-slot firmware
- canonical/cisco nexus 7000 supervisor 1 firmware
- canonical/cisco nexus 7000 supervisor 2e
- canonical/cisco nexus 7000 supervisor 2e firmware
- canonical/cisco nexus 7700 6-slot
- canonical/cisco nexus 7700 supervisor 2e firmware
- canonical/cisco nexus 7700 supervisor 3e firmware
- version/cisco nx-os/5.2\(1\)sv5\(1.3b\)
- canonical/cisco nexus 1000v for hyper-v
- canonical/cisco nexus 1000v
- canonical/cisco nexus 1000v for vmware vsphere
- version/cisco nx-os/9.3\(8.15\)
- canonical/cisco nexus 9000 series n9k-c9316d-gx
- canonical/cisco nexus 9332d-gx2b
- canonical/cisco nexus 9348d-gx2a
- canonical/cisco nexus 9000 series switch n9k-c93600cd-gx
- canonical/cisco nexus 9364d-gx2a
- canonical/cisco nexus 3048 firmware
- canonical/cisco nexus 31108pc-v firmware
- canonical/cisco nexus 31108tc-v firmware
- canonical/cisco nexus 31128pq
- canonical/cisco nexus 3132c-z firmware
- canonical/cisco nexus 3132q-v firmware
- canonical/cisco nexus 3132q-x/3132q-xl
- canonical/cisco nexus 3132q-xl firmware
- canonical/cisco nexus 3164q firmware
- canonical/cisco nexus 3172pq/pq-xl
- canonical/cisco nexus 3172pq-xl firmware
- canonical/cisco nexus 3172tq-xl firmware
- canonical/cisco nexus 3232c
- canonical/cisco nexus 3264c-e firmware
- canonical/cisco nexus 3264q firmware
- canonical/cisco nexus 3408-s firmware
- canonical/cisco nexus 34180yc firmware
- canonical/cisco nexus 3432d-s firmware
- canonical/cisco nexus 3464c firmware
- canonical/cisco nexus 3524-xl
- canonical/cisco nexus 3524-xl firmware
- canonical/cisco nexus 3548-x/xl
- canonical/cisco nexus 36180yc-r firmware
- canonical/cisco nexus 3636c-r firmware
- canonical/cisco nexus 92160yc switch
- canonical/cisco nexus 92300yc firmware
- canonical/cisco nexus 92304qc switch
- canonical/cisco nexus 92348gc-x switch
- canonical/cisco nexus 9236c switch
- canonical/cisco nexus 9272q switch
- canonical/cisco nexus
- canonical/cisco nexus 93108tc-fx switch
- canonical/cisco nexus 93108tc-fx3p firmware
- canonical/cisco nexus 93120tx firmware
- canonical/cisco nexus 93216tc-fx2 firmware
- canonical/cisco nexus 9332c firmware
- canonical/cisco nexus 9336c-fx2 firmware
- canonical/cisco nexus 9336c-fx2-e firmware
- canonical/cisco nexus 9348gc-fxp firmware
- canonical/cisco nexus 9364c-h1
- canonical/cisco nexus 9364c-gx firmware
- canonical/cisco nexus 9504 firmware
- canonical/cisco nexus 9508
- canonical/cisco nexus 9516 firmware
- version/cisco nx-os/4.0\(1a\)a
- canonical/cisco ucs 64108
- canonical/cisco ucs 6454 fabric interconnect
- version/cisco nx-os/4.1\(3f\)c
- canonical/cisco ucs 6248up
- canonical/cisco ucs 6296up
- canonical/cisco ucs 6324 firmware
- canonical/cisco ucs 6332
- canonical/cisco ucs 6332-16up