CVE-2022-20846: Classic Buffer Overflow in Cisco IOS XR Software

Severity: 4.3 MEDIUM (NVD)
EPSS: 2.0% (top 16.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 15

Description

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a heap

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: cisco/cisco_ios_xr_software (60 versions, +59)
NVD: cisco/ios_xr (60 versions, +59)

🔴 Vulnerability Details (2)

GHSA: GHSA-xqfj-6ppw-2qw5: A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause th (2024-11-15)
CVEList: Cisco IOS XR Software Cisco Discovery Protocol Buffer Overflow Vulnerability (2024-11-15)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability (2022-09-14)