Improper Handling of Length Parameter Inconsistency in Cisco Systems, Inc products - CVE-2022-20870

 

Improper Handling of Length Parameter Inconsistency in Cisco Systems, Inc products - CVE-2022-20870

Published: September 29, 2022


Vulnerability identifier: #VU67735
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-20870
CWE-ID: CWE-130
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XE
Catalyst 3650 Series Switches
Catalyst 3850 Series Switches
Catalyst 9300 Series Switches
Catalyst 9400 Series Switches
Catalyst 9500 Series Switches
Catalyst 9600 Series Switches

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation of IPv4 traffic in the egress MPLS packet processing function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


How to mitigate CVE-2022-20870

Install updates from vendor's website.

Sources