CVE-2022-20920
HIGHCisco IOS - Authenticated Denial of Service via SSH Request Handling
Title source: llmDescription
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
Scores
CVSS v3
7.7
EPSS
0.0080
EPSS Percentile
51.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-755
Status
published
Products (50)
Cisco/Cisco IOS
cisco/ios
12.2\(6\)i1
cisco/ios
12.2\(58\)ex
cisco/ios
12.2\(58\)ey
cisco/ios
12.2\(58\)ey1
cisco/ios
12.2\(58\)ey2
cisco/ios
12.2\(58\)ez
cisco/ios
12.2\(58\)se
cisco/ios
12.2\(58\)se1
cisco/ios
12.2\(58\)se2
... and 40 more
Published
Oct 10, 2022
Tracked Since
Feb 18, 2026