CVE-2022-20625 - Vulnerability Details

A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.02776.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco Subscribe	Firepower 4110 Subscribe Firepower 4112 Subscribe Firepower 4115 Subscribe Firepower 4120 Subscribe Firepower 4125 Subscribe Firepower 4140 Subscribe Firepower 4145 Subscribe Firepower 4150 Subscribe Firepower 9300 Subscribe Firepower Extensible Operating System Subscribe Mds 9132t Subscribe Mds 9148s Subscribe Mds 9148t Subscribe Mds 9222i Subscribe Mds 9250i Subscribe Mds 9396s Subscribe Mds 9396t Subscribe Mds 9506 Subscribe Mds 9513 Subscribe Mds 9706 Subscribe Mds 9710 Subscribe Mds 9718 Subscribe N77-f312ck-26 Subscribe N77-f324fq-25 Subscribe N77-f348xp-23 Subscribe N77-f430cq-36 Subscribe N77-m312cq-26l Subscribe N77-m324fq-25l Subscribe N77-m348xp-23l Subscribe N7k-f248xp-25e Subscribe N7k-f306ck-25 Subscribe N7k-f312fq-25 Subscribe N7k-m202cf-22l Subscribe N7k-m206fq-23l Subscribe N7k-m224xp-23l Subscribe N7k-m324fq-25l Subscribe N7k-m348xp-25l Subscribe N9k-c9316d-gx Subscribe N9k-c9332d-gx2b Subscribe N9k-c9348d-gx2a Subscribe N9k-c93600cd-gx Subscribe N9k-c9364d-gx2a Subscribe Nexus 1000v Subscribe Nexus 1000ve Subscribe Nexus 3048 Subscribe Nexus 31108pc-v Subscribe Nexus 31108tc-v Subscribe Nexus 31128pq Subscribe Nexus 3132c-z Subscribe Nexus 3132q-v Subscribe Nexus 3132q-x Subscribe Nexus 3132q-xl Subscribe Nexus 3164q Subscribe Nexus 3172pq Subscribe Nexus 3172pq-xl Subscribe Nexus 3172tq-xl Subscribe Nexus 3232c Subscribe Nexus 3264c-e Subscribe Nexus 3264q Subscribe Nexus 3408-s Subscribe Nexus 34180yc Subscribe Nexus 3432d-s Subscribe Nexus 3464c Subscribe Nexus 3524-x Subscribe Nexus 3524-xl Subscribe Nexus 3548-x Subscribe Nexus 3548-xl Subscribe Nexus 36180yc-r Subscribe Nexus 3636c-r Subscribe Nexus 7000 10-slot Subscribe Nexus 7000 18-slot Subscribe Nexus 7000 4-slot Subscribe Nexus 7000 9-slot Subscribe Nexus 7000 Supervisor 1 Subscribe Nexus 7000 Supervisor 2 Subscribe Nexus 7000 Supervisor 2e Subscribe Nexus 7700 10-slot Subscribe Nexus 7700 18-slot Subscribe Nexus 7700 2-slot Subscribe Nexus 7700 6-slot Subscribe Nexus 7700 Supervisor 2e Subscribe Nexus 7700 Supervisor 3e Subscribe Nexus 92160yc-x Subscribe Nexus 92300yc Subscribe Nexus 92304qc Subscribe Nexus 92348gc-x Subscribe Nexus 9236c Subscribe Nexus 9272q Subscribe Nexus 93108tc-ex Subscribe Nexus 93108tc-fx Subscribe Nexus 93108tc-fx3p Subscribe Nexus 93120tx Subscribe Nexus 93216tc-fx2 Subscribe Nexus 9332c Subscribe Nexus 9336c-fx2 Subscribe Nexus 9336c-fx2-e Subscribe Nexus 9348gc-fxp Subscribe Nexus 9364c Subscribe Nexus 9364c-gx Subscribe Nexus 9504 Subscribe Nexus 9508 Subscribe Nexus 9516 Subscribe Nx-os Subscribe Ucs 6248up Subscribe Ucs 6296up Subscribe Ucs 6324 Subscribe Ucs 6332 Subscribe Ucs 6332-16up Subscribe Ucs 64108 Subscribe Ucs 6454 Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:firepower_extensible_operating_system::::::::
	cpe:2.3:o:cisco:firepower_extensible_operating_system::::::::
	cpe:2.3:o:cisco:firepower_extensible_operating_system::::::::

OR	cpe:2.3:h:cisco:firepower_4110:-:::::::*
	cpe:2.3:h:cisco:firepower_4112:-:::::::*
	cpe:2.3:h:cisco:firepower_4115:-:::::::*
	cpe:2.3:h:cisco:firepower_4120:-:::::::*
	cpe:2.3:h:cisco:firepower_4125:-:::::::*
	cpe:2.3:h:cisco:firepower_4140:-:::::::*
	cpe:2.3:h:cisco:firepower_4145:-:::::::*
	cpe:2.3:h:cisco:firepower_4150:-:::::::*
	cpe:2.3:h:cisco:firepower_9300:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:nx-os:8.2\(7.34\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:mds_9132t:-:::::::*
	cpe:2.3:h:cisco:mds_9148s:-:::::::*
	cpe:2.3:h:cisco:mds_9148t:-:::::::*
	cpe:2.3:h:cisco:mds_9222i:-:::::::*
	cpe:2.3:h:cisco:mds_9250i:-:::::::*
	cpe:2.3:h:cisco:mds_9396s:-:::::::*
	cpe:2.3:h:cisco:mds_9396t:-:::::::*
	cpe:2.3:h:cisco:mds_9506:-:::::::*
	cpe:2.3:h:cisco:mds_9513:-:::::::*
	cpe:2.3:h:cisco:mds_9706:-:::::::*
	cpe:2.3:h:cisco:mds_9710:-:::::::*
	cpe:2.3:h:cisco:mds_9718:-:::::::*
	cpe:2.3:h:cisco:n77-f312ck-26:-:::::::*
	cpe:2.3:h:cisco:n77-f324fq-25:-:::::::*
	cpe:2.3:h:cisco:n77-f348xp-23:-:::::::*
	cpe:2.3:h:cisco:n77-f430cq-36:-:::::::*
	cpe:2.3:h:cisco:n77-m312cq-26l:-:::::::*
	cpe:2.3:h:cisco:n77-m324fq-25l:-:::::::*
	cpe:2.3:h:cisco:n77-m348xp-23l:-:::::::*
	cpe:2.3:h:cisco:n7k-f248xp-25e:-:::::::*
	cpe:2.3:h:cisco:n7k-f306ck-25:-:::::::*
	cpe:2.3:h:cisco:n7k-f312fq-25:-:::::::*
	cpe:2.3:h:cisco:n7k-m202cf-22l:-:::::::*
	cpe:2.3:h:cisco:n7k-m206fq-23l:-:::::::*
	cpe:2.3:h:cisco:n7k-m224xp-23l:-:::::::*
	cpe:2.3:h:cisco:n7k-m324fq-25l:-:::::::*
	cpe:2.3:h:cisco:n7k-m348xp-25l:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_10-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_4-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_9-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_supervisor_1:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_supervisor_2:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_supervisor_2e:-:::::::*
	cpe:2.3:h:cisco:nexus_7700_10-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7700_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7700_2-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7700_6-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7700_supervisor_2e:-:::::::*
	cpe:2.3:h:cisco:nexus_7700_supervisor_3e:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:nx-os:5.2\(1\)sv5\(1.3b\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_1000v:-:::::microsoft_hyper-v::
	cpe:2.3:h:cisco:nexus_1000v:-:::::vmware_vsphere::
	cpe:2.3:h:cisco:nexus_1000ve:-:::::vsphere::

Configuration 4 [-]

AND

cpe:2.3:o:cisco:nx-os:9.3\(8.15\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:n9k-c9316d-gx:-:::::::*
	cpe:2.3:h:cisco:n9k-c9332d-gx2b:-:::::::*
	cpe:2.3:h:cisco:n9k-c9348d-gx2a:-:::::::*
	cpe:2.3:h:cisco:n9k-c93600cd-gx:-:::::::*
	cpe:2.3:h:cisco:n9k-c9364d-gx2a:-:::::::*
	cpe:2.3:h:cisco:nexus_1000v:-:::::vmware_vsphere::
	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31128pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3132c-z:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-v:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3164q:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3232c:-:::::::*
	cpe:2.3:h:cisco:nexus_3264c-e:-:::::::*
	cpe:2.3:h:cisco:nexus_3264q:-:::::::*
	cpe:2.3:h:cisco:nexus_3408-s:-:::::::*
	cpe:2.3:h:cisco:nexus_34180yc:-:::::::*
	cpe:2.3:h:cisco:nexus_3432d-s:-:::::::*
	cpe:2.3:h:cisco:nexus_3464c:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::*
	cpe:2.3:h:cisco:nexus_3636c-r:-:::::::*
	cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_92300yc:-:::::::*
	cpe:2.3:h:cisco:nexus_92304qc:-:::::::*
	cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_9236c:-:::::::*
	cpe:2.3:h:cisco:nexus_9272q:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:::::::*
	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9332c:-:::::::*
	cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:::::::*
	cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::*
	cpe:2.3:h:cisco:nexus_9364c:-:::::::*
	cpe:2.3:h:cisco:nexus_9364c-gx:-:::::::*
	cpe:2.3:h:cisco:nexus_9504:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*
	cpe:2.3:h:cisco:nexus_9516:-:::::::*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:nx-os:4.0\(1a\)a:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:ucs_64108:-:::::::*
	cpe:2.3:h:cisco:ucs_6454:-:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:nx-os:4.1\(3f\)c:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:ucs_6248up:-:::::::*
	cpe:2.3:h:cisco:ucs_6296up:-:::::::*
	cpe:2.3:h:cisco:ucs_6324:-:::::::*
	cpe:2.3:h:cisco:ucs_6332:-:::::::*
	cpe:2.3:h:cisco:ucs_6332-16up:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-25875	A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0237}`	epss `{'score': 0.02487}`

Wed, 06 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-02-23T17:40:15.926880Z

Updated: 2024-11-06T16:29:50.135Z

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20625

Vulnrichment

Updated: 2024-08-03T02:17:52.933Z

NVD

Status : Modified

Published: 2022-02-23T18:15:18.637

Modified: 2024-11-21T06:43:11.237

Link: CVE-2022-20625

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object