CVE-2022-20870

HIGH 8.6

Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability

CVSS Score

8.6

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CWE	CWE-130
Vendor	cisco
Product	cisco ios xe software
Ecosystems	Networking
Industries	NetworkingTelecommunications
Published	Oct 10, 2022
Last Updated	Nov 1, 2024

Stay Ahead of the Next One

Get instant alerts for cisco cisco ios xe software

Be the first to know when new high vulnerabilities affecting cisco cisco ios xe software are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Cisco / Cisco IOS XE Software

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tools.cisco.com: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3