CVE-2022-20919

CWE-248CWE-755Improper Exception HandlingCWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGH
EPSS
0.9%
top 24.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOSCisco IOS XE
Timeline
PublishedSep 30
Latest updateOct 1

Description

A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A suc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe17.9.1
CVEListV5cisco/cisco_iosn/a

🔴Vulnerability Details

2
GHSA
GHSA-3mfm-pfv2-vmrp: A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software2022-10-01
CVEList
Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability2022-09-30

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability2022-09-28
CVE-2022-20919 (HIGH CVSS 7.5) | A vulnerability in the processing o | cvebase.io