Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022

cisco-sa-mlx5-jbPCrqD8 · High · Published · Updated

On August 29, 2022, NVIDIA announced the following vulnerability with a medium impact: CVE-2022-28199: Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022 For a description of this vulnerability, see Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022. This advisory will be updated as additional information becomes available. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability; however, a recovery mechanism exists in Cisco Catalyst 8000V Edge Software.

Using the example shown in the Indicators of Compromise ["#ioc"] section of this advisory, where GigabitEthernet2 was affected, the commands in the following example show the recovery technique of shut/no shut:

cat8kv#show control | include ^GigabitEthernet.*|rx_errors
GigabitEthernet1 - Gi1 is mapped to UIO on VXE
rx_errors 0
GigabitEthernet2 - Gi2 is mapped to UIO on VXE
rx_errors 20]
GigabitEthernet3 - Gi3 is mapped to UIO on VXE
rx_errors 0
cat8kv#
cat8kv#configure terminal
cat8kv(config)#interface GigabitEthernet2
cat8kv(config-if)#shut
cat8kv(config-if)#no shut
cat8kv(config-if)#end
cat8kv#

CVEsCVE-2022-28199
Cisco Bug IDsCSCwb39904, CSCwb58007
CVSS ScoreBase 8.6
Base 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS XE Catalyst SD-WAN, Cisco IOS XE Software 17.6.1, Cisco IOS XE Software 17.6.2, Cisco IOS XE Software 17.6.1a, Cisco IOS XE Software 17.6.3, Cisco IOS XE Software 17.6.1y, Cisco IOS XE Software 17.6.3a, Cisco IOS XE Software 17.7.1, Cisco IOS XE Software 17.7.1a, Cisco IOS XE Software 17.8.1, Cisco IOS XE Software 17.8.1a

Related Products

Product CVE Evidence
Cisco IOS CVE-2022-28199 Cisco OpenVuln
Cisco Secure Firewall Threat Defense (FTD) Software CVE-2022-28199 Cisco OpenVuln
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software CVE-2022-28199 Cisco OpenVuln
Cisco IOS XE Software CVE-2022-28199 Cisco OpenVuln
Cisco IOS XE Catalyst SD-WAN CVE-2022-28199 Cisco OpenVuln
Cisco Catalyst 9600 Series Switches CVE-2022-28199 Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches CVE-2022-28199 Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches CVE-2022-28199 Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches CVE-2022-28199 Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches CVE-2022-28199 Cisco OpenVuln · software-dependent