CVE-2022-20849

CWE-3914 documents4 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 83.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco IOS XR Software Cisco IOS XR

Timeline

PublishedNov 15

Description

A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by sending a sequence of specific PPPoE packets from controlled customer premises equipment (CPE). A successf…

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 1.6 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xr_software33 versions+32

▶NVDcisco/ios_xr33 versions+32

🔴Vulnerability Details

GHSA

GHSA-r2p4-pwjj-hqr4: A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent a↗2024-11-15

▶

CVEList

Cisco IOS XR Software Broadband Network Gateway PPPoE Denial of Service Vulnerability↗2024-11-15

▶

📋Vendor Advisories

Cisco

Cisco IOS XR Software Broadband Network Gateway PPP over Ethernet Denial of Service Vulnerability↗2022-09-14

▶