CVE-2022-20920

Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability

CVSS 7.7 HIGHEPSS 0.8%CWE-755

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.7EPSS 0.8%KEV nãoPoC —Patch referenciado

Ciclo de vida

10 out 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Produtos afetados

Cisco · Cisco IOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk