CVE-2022-20915 — Misinterpretation of Input in Cisco IOS XE Software

CWE-115 — Misinterpretation of Input CWE-436 — Interpretation Conflict4 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.1%

top 71.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software

Timeline

PublishedOct 10

Latest updateOct 11

Description

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5cisco/cisco_ios_xe_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-xx9r-h2q8-q5m3: A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthentic↗2022-10-11

▶

CVEList

Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability↗2022-10-10

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability↗2022-09-28

▶