CVE-2022-20920

HIGH

Cisco Ios - Improper Exception Handling

Title source: rule

Description

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk

Scores

CVSS v3 7.7

EPSS 0.0102

EPSS Percentile 77.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-755

Status published

Products (50)

cisco/ios 12.2\(6\)i1

cisco/ios 12.2\(58\)ex

cisco/ios 12.2\(58\)ey

cisco/ios 12.2\(58\)ey1

cisco/ios 12.2\(58\)ey2

cisco/ios 12.2\(58\)ez

cisco/ios 12.2\(58\)se

cisco/ios 12.2\(58\)se1

cisco/ios 12.2\(58\)se2

cisco/ios 12.2\(60\)ez

... and 40 more

Published Oct 10, 2022

Tracked Since Feb 18, 2026