发布日期：2022-02-23
更新日期：2022-02-24

受影响系统：

Cisco Cisco UCS 6200 Series Fabric Interconnects
Cisco Cisco Firepower 9300 Security Appliance
Cisco Cisco Firepower 4100 Series
Cisco Cisco MDS 9000 Series Multilayer Switches
Cisco Cisco Nexus 1000 Virtual Edge for VMware vSphere
Cisco Cisco Nexus 1000V Switch for Microsoft Hyper-V
Cisco Cisco Nexus 1000V Switch for VMware vSphere
Cisco Cisco Nexus 3000 Series Switches
Cisco Cisco Nexus 5500 Platform Switches
Cisco Cisco Nexus 5600 Platform Switches
Cisco Cisco Nexus 6000 Series Switches
Cisco Cisco Nexus 7000 Series Switches
Cisco Cisco Nexus 9000 Series Fabric Switches
Cisco Cisco UCS 6300 Series Fabric Interconnects
Cisco Cisco UCS 6400 Series Fabric Interconnects

描述：

---

CVE(CAN) ID: CVE-2022-20625

Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。Cisco FXOS Software是一套运行在思科安全设备中的防火墙软件。
Cisco FXOS Software和Cisco NX-OS Software中的Cisco Discovery Protocol Services存在拒绝服务漏洞，该漏洞源于程序未对Cisco Discovery Protocol Services进行正确处理。未经身份认证的攻击者可通过向受影响设备发送恶意的Cisco Discovery Protocol Services消息利用该漏洞造成进程崩溃并导致设备拒绝服务（DoS）。

<*链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-cdp-dos-G8DPLWYG）以及相应补丁:
cisco-sa-cdp-dos-G8DPLWYG：Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG

浏览次数：1028
严重程度：0（网友投票）