CVE-2022-22011 Windows Graphics Component Information Disclosure Vulnerability

These vulnerabilities were discovered by security researchers at Cisco Talos. The Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption. These vulnerabilities are being exploited in the wild.

Summary of the Vulnerabilities

The Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption, which can result in remote code execution or a denial of service condition on the switch device.

Introduction to CVE-2022-22011

Cisco Talos has discovered two vulnerabilities on the Cisco Nexus 9000 Series Switch. The first vulnerability is a privilege escalation bug that could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption. The second vulnerability is a memory corruption bug that could allow an unauthenticated attacker with network access via SSH to cause a denial of service (DoS) condition. These vulnerabilities are being exploited in the wild. Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption.

Summary of Cisco Nexus 9300 Series Software Vulnerabilities

The Cisco Nexus 9300 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption on the affected system, which may result in a denial of service (DoS) condition or remote code execution on the device that is accessible over the network, if configurable in certain configurations of Cisco Nexus 9300 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1
