Cyber Resilience

CVE-2022-20625

Medium

Published: 23 February 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0167 (82.5th percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-20625 is a medium-severity vulnerability (weakness type unspecified) in Cisco NX-OS. Its CVSS base score is 4.3 (Medium).

Operationally, it is ranked in the top 17.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco firepower extensible operating system: ≤ 2.3.1.219 · 2.4 — 2.9.1.158 · 2.10 — 2.10.1.179
cisco nx-os: 4.0(1a)a, 4.1(3f)c, 5.2(1)sv5(1.3b), 8.2(7.34), 9.3(8.15)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
