Improper Handling of Length Parameter Inconsistency in Cisco Systems, Inc products - CVE-2022-20870
Published: September 29, 2022
Vulnerability identifier: #VU67735
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-20870
CWE-ID: CWE-130
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Catalyst 3650 Series Switches
Catalyst 3850 Series Switches
Catalyst 9300 Series Switches
Catalyst 9400 Series Switches
Catalyst 9500 Series Switches
Catalyst 9600 Series Switches
Cisco IOS XE
Catalyst 3650 Series Switches
Catalyst 3850 Series Switches
Catalyst 9300 Series Switches
Catalyst 9400 Series Switches
Catalyst 9500 Series Switches
Catalyst 9600 Series Switches
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation of IPv4 traffic in the egress MPLS packet processing function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.