CVE-2022-20845Memory Allocation with Excessive Size Value in Cisco IOS XR Software

CWE-789Memory Allocation with Excessive Size Value4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.1%
top 84.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR Software
Timeline
PublishedNov 15

Description

A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful exploit could allow the attacker to cause the TL1 process to consume large amounts of memory. When the memory

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xr_software6 versions+5

🔴Vulnerability Details

2
CVEList
Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability2024-11-15
GHSA
GHSA-fw7g-x8q3-h9pr: A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memo2024-11-15

📋Vendor Advisories

1
Cisco
Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability2022-09-14
CVE-2022-20845 — Cisco IOS XR Software vulnerability | cvebase