These vulnerabilities were discovered by security researchers at Cisco Talos. The Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption. These vulnerabilities are being exploited in the wild.

Summary of the Vulnerabilities

The Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption, which can result in remote code execution or a denial of service condition on the switch device.

Introduction to CVE-2022-22011

Cisco Talos has discovered two vulnerabilities on the Cisco Nexus 9000 Series Switch. The first vulnerability is a privilege escalation bug that could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption. The second vulnerability is a memory corruption bug that could allow an unauthenticated attacker with network access via SSH to cause a denial of service (DoS) condition. These vulnerabilities are being exploited in the wild.

Summary of Cisco Nexus 9300 Series Software Vulnerabilities

The Cisco Nexus 9300 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption on the affected system, which may result in a denial of service (DoS) condition or remote code execution on the device that is accessible over the network, if configurable in certain configurations of Cisco Nexus 9300 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/18/2022 18:23:00 UTC
