CVE-2022-20823

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description The issue is related to the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software and is due to incomplete input validation of specific OSPFv3 packets. This could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device, potentially causing the OSPFv3 process to crash and restart multiple times, resulting in a DoS condition. Note that the OSPFv3 feature is disabled by default, and to exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.