← volver
CVE-2022-20692

Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability

CVSS 7.7 HIGHEPSS 1.1%CWE-400
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.7EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
15 abr 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →