A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Cisco
  • N9k-c92160yc-x
  • N9k-c92300yc
  • N9k-c92304qc
  • N9k-c9232c
  • N9k-c92348gc-x
  • N9k-c9236c
  • N9k-c9272q
  • N9k-c93108tc-ex
  • N9k-c93108tc-fx
  • N9k-c9316d-gx
  • N9k-c93180lc-ex
  • N9k-c93180yc-ex
  • N9k-c93180yc-fx
  • N9k-c93180yc2-fx
  • N9k-c93216tc-fx2
  • N9k-c93240yc-fx2
  • N9k-c9332c
  • N9k-c93360yc-fx2
  • N9k-c9336c-fx2
  • N9k-c9348gc-fxp
  • N9k-c93600cd-gx
  • N9k-c9364c
  • N9k-c9364c-gx
  • N9k-x97160yc-ex
  • N9k-x97284yc-fx
  • N9k-x9732c-ex
  • N9k-x9732c-fx
  • N9k-x9736c-ex
  • N9k-x9736c-fx
  • N9k-x9788tc-fx
  • Nx-os

Configuration 1 [-]

AND
OR cpe:2.3:h:cisco:n9k-c92160yc-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c92300yc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c92304qc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9232c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c92348gc-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9236c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9272q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93108tc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93108tc-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9316d-gx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93180lc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93180yc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93180yc-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93180yc2-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93216tc-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93240yc-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9332c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93360yc-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9336c-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9348gc-fxp:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c93600cd-gx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9364c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-c9364c-gx:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-x97284yc-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*
OR cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-02-23T17:40:26.958880Z

Updated: 2024-09-17T01:31:48.139Z

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20623

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-02-23T18:15:18.507

Modified: 2023-11-07T03:42:28.110

Link: CVE-2022-20623

cve-icon Redhat

No data.