CVE-2022-20758 — Cisco IOS XR vulnerability

CWE-3994 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 41.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XR Cisco IOS XR Software

Timeline

PublishedApr 15

Latest updateApr 16

Description

A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message that contains specific EVPN attributes. To exploit this vulnerability, an att…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xr_softwaren/a

▶NVDcisco/ios_xr7.0 — 7.3.2+2

🔴Vulnerability Details

GHSA

GHSA-786f-rrh2-r2pf: A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an u↗2022-04-16

▶

CVEList

Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability↗2022-04-15

▶

📋Vendor Advisories

Cisco

Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability↗2022-04-13

▶