CVE-2022-20623
CVSS base score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Cisco NX-OS | From 7.0(3)i6(2) to 7.0(3)i7(3) |

| Running on/with | Platform Versions |
|---|---|
| Cisco N9k C92160yc X | All versions |
| Cisco N9k C92300yc | All versions |
| Cisco N9k C92304qc | All versions |
| Cisco N9k C9232c | All versions |
| Cisco N9k C92348gc X | All versions |
| Cisco N9k C9236c | All versions |
| Cisco N9k C9272q | All versions |
| Cisco N9k C93108tc Ex | All versions |
| Cisco N9k C93108tc Fx | All versions |
| Cisco N9k C9316d Gx | All versions |
| Cisco N9k C93180lc Ex | All versions |
| Cisco N9k C93180yc Ex | All versions |
| Cisco N9k C93180yc Fx | All versions |
| Cisco N9k C93180yc2 Fx | All versions |
| Cisco N9k C93216tc Fx2 | All versions |
| Cisco N9k C93240yc Fx2 | All versions |
| Cisco N9k C9332c | All versions |
| Cisco N9k C93360yc Fx2 | All versions |
| Cisco N9k C9336c Fx2 | All versions |
| Cisco N9k C9348gc Fxp | All versions |
| Cisco N9k C93600cd Gx | All versions |
| Cisco N9k C9364c | All versions |
| Cisco N9k C9364c Gx | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Cisco NX-OS | From 10.1(1) to 10.2(1) |

| Running on/with | Platform Versions |
|---|---|
| Cisco N9k X97160yc Ex | All versions |
| Cisco N9k X97284yc Fx | All versions |
| Cisco N9k X9732c Ex | All versions |
| Cisco N9k X9732c Fx | All versions |
| Cisco N9k X9736c Ex | All versions |
| Cisco N9k X9736c Fx | All versions |
| Cisco N9k X9788tc Fx | All versions |
Related CWEs
References (2)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn
Source: psirt@cisco.com
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory