CVE-2022-20870 — Improper Handling of Length Parameter Inconsistency in Cisco IOS XE Software

CWE-130 — Improper Handling of Length Parameter Inconsistency4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.5%

top 35.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software

Timeline

PublishedOct 10

Latest updateOct 11

Description

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interf…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5cisco/cisco_ios_xe_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-prm7-p5hm-qq42: A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Famil↗2022-10-11

▶

CVEList

Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability↗2022-10-10

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability↗2022-09-28

▶