#VU66749 Out-of-bounds read in Cisco Systems, Inc products - CVE-2022-20823
Published: August 24, 2022
Vulnerability identifier: #VU66749
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20823
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco NX-OS
Cisco Nexus 3000 Series Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Cisco Nexus 9000 Series Switches
Nexus 9000 Series Fabric Switches
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing OSPFv3 packets. A remote attacker can send specially crafted OSPFv3 link-state advertisement (LSA) packets to an affected device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Remediation
Install updates from the vendor's website.
External links
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz68748
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb50012
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb50013
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb50015