CVE-2022-20692 Information
Share on:
Jun 06, 2022
cve
Description
A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged authenticated remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources causing the device to reload and resulting in a DoS condition on an affected device.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
6.5