CVE-2022-20920

HIGH

Cisco Ios - Improper Exception Handling

Title source: rule

Description

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk

Scores

CVSS v3 7.7

EPSS 0.0102

EPSS Percentile 77.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (50)

cisco/ios

... and 35 more

Timeline

Published Oct 10, 2022

Tracked Since Feb 18, 2026