CVE-2022-20692 | ByteOS Network

Vulnerability Details :

CVE-2022-20692

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-15 Apr, 2022 | 14:16

Updated At-06 Nov, 2024 | 16:26

Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:cisco

Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633

Published At:15 Apr, 2022 | 14:16

Updated At:06 Nov, 2024 | 16:26

▼CVE Numbering Authority (CNA)

Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device.

Affected Products

Vendor

Cisco Systems, Inc.

Product

Cisco IOS XE Software

Versions

Affected

n/a

Problem Types

Type	CWE ID	Description
CWE	CWE-400	CWE-400

Type: CWE

CWE ID: CWE-400

Description: CWE-400

Metrics

Version	Base score	Base severity	Vector
3.1	7.7	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Version: 3.1

Base score: 7.7

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

References

Hyperlink	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8	vendor-advisory x_refsource_CISCO

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8

Resource:

vendor-advisory

x_refsource_CISCO

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8	vendor-advisory x_refsource_CISCO x_transferred

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8

Resource:

vendor-advisory

x_refsource_CISCO

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:ykramarz@cisco.com

Published At:15 Apr, 2022 | 15:15

Updated At:07 Nov, 2023 | 03:42

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	7.7	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:C

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.7

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:N/A:C

CPE Matches

Cisco Systems, Inc.

>>ios_xe>>3.15.1xbs

cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.15.2xbs

cpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.1

cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.1a

cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.2

cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.3

cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.4

cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.5

cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.5b

cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.6

cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.7

cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.8

cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.9

cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.10

cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.11

cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.4.1

cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.4.2

cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.4.3

cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.1

cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.1a

cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.1b

cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.2

cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.3

cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.1

cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.2

cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.3

cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.4

cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.4a

cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.4s

cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.5

cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.5a

cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.5b

cpe:2.3:o:cisco:ios_xe:16.6.5b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.6

cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.7

cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.7a

cpe:2.3:o:cisco:ios_xe:16.6.7a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.8

cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.9

cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.10

cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.1

cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.1a

cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.1b

cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.2

cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.3

cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.4

cpe:2.3:o:cisco:ios_xe:16.7.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1

cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1a

cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1b

cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1c

cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1d

cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1e

cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-400	Primary	nvd@nist.gov
CWE-400	Secondary	ykramarz@cisco.com

CWE ID: CWE-400

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-400

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8

Source: ykramarz@cisco.com

Resource:

Vendor Advisory