CVE-2022-20692 — Uncontrolled Resource Consumption in Cisco IOS XE Software

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.5MEDIUMNVD

CNA7.7

EPSS

0.7%

top 27.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software Cisco IOS XE

Timeline

PublishedApr 15

Latest updateApr 16

Description

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS conditio…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xe_softwaren/a

▶NVDcisco/ios_xe127 versions+126

🔴Vulnerability Details

GHSA

GHSA-m4jm-38q7-gpvv: A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denia↗2022-04-16

▶

CVEList

Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability↗2022-04-15

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability↗2022-04-13

▶