CVE-2022-20694 — Reachable Assertion in Cisco IOS XE Software

CWE-617 — Reachable Assertion4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 41.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software Cisco IOS XE

Timeline

PublishedApr 15

Latest updateApr 16

Description

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifica…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xe_softwaren/a

▶NVDcisco/ios_xe234 versions+233

🔴Vulnerability Details

GHSA

GHSA-64wp-p24m-26g2: A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated↗2022-04-16

▶

CVEList

Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability↗2022-04-15

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability↗2022-04-13

▶