These vulnerabilities were discovered by security researchers at Cisco Talos. The Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption. Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption. These vulnerabilities are being exploited in the wild. Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption. Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory
Summary of the Vulnerabilities
The Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption which can result in remote code execution or a denial of service condition on the switch device
Introduction to CVE-2022-22011
Cisco Talos has discovered two vulnerabilities on the Cisco Nexus 9000 Series Switch. The first vulnerability is a privilege escalation bug that could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption. The second vulnerability is a memory corruption bug that could allow an unauthenticated attacker with network access via SSH to cause a denial of service (DoS) condition. These vulnerabilities are being exploited in the wild. Cisco Nexus 9000 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption
Summary of Cisco Nexus 9300 Series Software Vulnerabilities
The Cisco Nexus 9300 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1.3, or 8.0.x before 8.0.2 could allow an unauthenticated attacker with network access via SSH to become root and cause memory corruption on the affected system, which may result in a denial of service (DoS) condition or remote code execution on the device that is accessible over the network, if configurable in certain configurations of Cisco Nexus 9300 Series Switch with software before 6.2.5, 7.0.x before 7.0.5, 7.1.x before 7.1
Timeline
Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/18/2022 18:23:00 UTC