Strix
26.1K

CVE-2022-20920

HIGHCVSS 7.7/10EPSS 0.80%

Last modified

CVE-2022-20920 is a high-severity vulnerability rated 7.7/10 on the CVSS scale. A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. EPSS estimates a 0.80% chance of exploitation in the next 30 days.

Description

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

Metrics

CVSS 3.1
7.7/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS Probability
0.80%

51.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoIos12.2\(6\)i1
CiscoIos12.2\(58\)ex
CiscoIos12.2\(58\)ey
CiscoIos12.2\(58\)ey1
CiscoIos12.2\(58\)ey2
CiscoIos12.2\(58\)ez
CiscoIos12.2\(58\)se
CiscoIos12.2\(58\)se1
CiscoIos12.2\(58\)se2
CiscoIos12.2\(60\)ez
CiscoIos12.2\(60\)ez1
CiscoIos12.2\(60\)ez2
CiscoIos12.2\(60\)ez3
CiscoIos12.2\(60\)ez4
CiscoIos12.2\(60\)ez5
CiscoIos12.2\(60\)ez6
CiscoIos12.2\(60\)ez7
CiscoIos12.2\(60\)ez8
CiscoIos12.2\(60\)ez9
CiscoIos12.2\(60\)ez10
CiscoIos12.2\(60\)ez11
CiscoIos12.2\(60\)ez12
CiscoIos12.2\(60\)ez13
CiscoIos12.2\(60\)ez14
CiscoIos12.2\(60\)ez15
CiscoIos12.2ex
CiscoIos12.2ey
CiscoIos12.2ez
CiscoIos12.2i
CiscoIos12.2se
CiscoIos12.4\(22\)md
CiscoIos12.4\(22\)md1
CiscoIos12.4\(22\)md2
CiscoIos12.4\(22\)mda
CiscoIos12.4\(22\)mda1
CiscoIos12.4\(22\)mda2
CiscoIos12.4\(22\)mda3
CiscoIos12.4\(22\)mda4
CiscoIos12.4\(22\)mda5
CiscoIos12.4\(22\)mda6
CiscoIos12.4\(22\)t
CiscoIos12.4\(22\)t1
CiscoIos12.4\(22\)t2
CiscoIos12.4\(22\)t3
CiscoIos12.4\(22\)t4
CiscoIos12.4\(22\)t5
CiscoIos12.4\(22\)xr1
CiscoIos12.4\(22\)xr2
CiscoIos12.4\(22\)xr3
CiscoIos12.4\(22\)xr4

Showing 50 of 1596 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-20920?
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.
How severe is CVE-2022-20920?
CVE-2022-20920 has a CVSS score of 7.7/10 (HIGH severity). The EPSS model estimates a 0.80% probability of exploitation in the next 30 days.
How do I fix CVE-2022-20920?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-20920?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST