What is CVE-2022-20920?

CVE-2022-20920 is a high-severity vulnerability in Cisco Ios, classified under Improper Handling of Exceptional Conditions. CVSS score: 7.7/10. Published 2022-10-10.

How severe is CVE-2022-20920?

High severity. CVSS v3 base score is 7.7 out of 10.

Is CVE-2022-20920 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cisco Ios

CVE-2022-20920

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources duri…

EPSS: 0.010 (77.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H.

Affected products

Cisco Ios — versions n/a
Cisco Ios — versions 12.2\(6\)i1, 12.2\(58\)ex, 12.2\(58\)ey
Cisco Ios_xe — versions 3.2.0se, 3.2.1se, 3.2.2se

Weakness classification (CWE)

CWE-755 — Improper Handling of Exceptional Conditions

Public proof-of-concept exploits

ignacio108/cve-management-service

References

psirt@cisco.com (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2022-20920?: CVE-2022-20920 is a high-severity vulnerability in Cisco Ios, classified under Improper Handling of Exceptional Conditions. CVSS score: 7.7/10. Published 2022-10-10.
How severe is CVE-2022-20920?: High severity. CVSS v3 base score is 7.7 out of 10.
Is CVE-2022-20920 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.