CVE-2022-20624

Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability

CVSS 8.6 HIGHEPSS 12.4%CWE-400

Vexday Risk Score

26Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.6EPSS 12.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

23 Feb 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected products

Cisco · Cisco NX-OS Software

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr