Loading HuntDB...

GHSA-cvm3-233f-g2vf

GitHub Security Advisory

⚠ Unreviewed HIGH Has CVE

Advisory Details

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability.

Related CVEs

Key Information

GHSA ID
GHSA-cvm3-233f-g2vf
Published
May 24, 2022 5:09 PM
Last Modified
April 20, 2023 3:30 PM
CVSS Score
7.5 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: October 5, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.