CVE-2022-20824
CVE-2022-20824 is a high-severity vulnerability in Cisco Mds 9506 Firmware with a CVSS 3.x base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-787.
Key facts
- Severity: High (CVSS 3.x base score 8.8)
- EPSS exploit prediction: 0% (29th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-787
- Affected product: Cisco Mds 9506 Firmware
- Published:
- Last modified:
Description
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Frequently asked questions
- What is CVE-2022-20824?
- A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
- How severe is CVE-2022-20824?
- CVE-2022-20824 has a CVSS 3.x base score of 8.8, rated high severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2022-20824 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (29th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-20824?
- CVE-2022-20824 primarily affects Cisco Mds 9506 Firmware. In total, 144 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-20824?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2022-20824 published?
- CVE-2022-20824 was published on 2022-08-25 and last updated on 2026-06-17.
References
- https://security.netapp.com/advisory/ntap-20220923-0001/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
Affected products (144)
- cpe:2.3:o:cisco:mds_9506_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:mds_9513_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:mds_9706_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:mds_9710_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:mds_9718_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_1000v_firmware:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:o:cisco:nexus_3016_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3016q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3048_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3064_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3064-32t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3064-t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3064-x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3064t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3064x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3100_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3100-v_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3100-z_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3100v_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_31108pc-v_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_31108pv-v_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_31108tc-v_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_31128pq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3132c-z_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3132q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3132q-v_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3132q-x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3132q-x\/3132q-xl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3132q-xl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3164q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3172_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3172pq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3172pq-xl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3172pq\/pq-xl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3172tq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3172tq-32t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3172tq-xl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3200_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3232c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nexus_3232c__firmware:-:*:*:*:*:*:*:*
Other CWE-787 (Out-of-bounds Write) vulnerabilities
- CVE-2026-42369 — Critical (CVSS 10.0): GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other…
- CVE-2026-4746 — Critical (CVSS 10.0): Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is…
- CVE-2025-43300 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS…
- CVE-2025-24201 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in…
- CVE-2024-42479 — Critical (CVSS 10.0): llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause…
- CVE-2024-39791 — Critical (CVSS 10.0): Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge…