CVE-2022-20920

Severity
7.7 HIGH
EPSS
1.0%
top 22.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 10
Latest update: Oct 11

Description

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.1 | Impact: 4.0

Affected Packages (3 packages)

NVD: cisco/ios, 1177 versions
NVD: cisco/ios_xe, 419 versions
CVEListV5: cisco/cisco_ios, n/a

🔴 Vulnerability Details (2)

GHSA
GHSA-x4hg-95c5-c2vp: A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an af (2022-10-11)
CVEList
Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability (2022-10-10)

📋 Vendor Advisories (1)

Cisco
Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability (2022-09-28)