CVE-2022-20846

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 15, 2024
CWE ID 120

Summary

CVE-2022-20846 is a vulnerability affecting the Cisco Discovery Protocol implementation in Cisco IOS XR Software. This issue results from a heap buffer overflow in certain Cisco Discovery Protocol messages, which an unauthenticated, adjacent attacker can exploit by sending malicious packets. A successful exploit may cause the Cisco Discovery Protocol process to reload on the affected device, potentially disrupting network services. The attacker's ability to write bytes in the buffer is limited, preventing remote code execution. The vulnerability can only be exploited by an attacker in the same broadcast domain as the target device. Software updates from Cisco address this issue, and no workarounds are available. This advisory is included in the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication.


Affected Products

  • Cisco IOS

Affected Vendors

  • Cisco Systems Inc