CVE-2022-20920

Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability

CVSS 7.7 HIGHEPSS 0.8%CWE-755

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.7EPSS 0.8%KEV nãoPoC —Patch referenciado

Ciclo de vida

10 oct 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Productos afectados

Cisco · Cisco IOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk