Rewterz Threat Advisory – CVE-2022-0029 – Palo Alto Networks Cortex XDR Agent Vulnerability
September 17, 2022Rewterz Threat Advisory – CVE-2022-20845 – Cisco Network Convergence System 4000 Series Vulnerability
September 18, 2022Severity
Medium
Analysis Summary
CVE-2022-20846 CVSS:4.3
Cisco IOS XR Software is vulnerable to a denial of service, caused by a heap-based buffer overflow in certain Cisco Discovery Protocol messages. By sending a specially-crafted Cisco Discovery Protocol packet, a remote attacker could exploit this vulnerability to the Cisco Discovery Protocol process to reload on the device, and results in a denial of service condition.
CVE-2022-20849 CVSS:6.1
Cisco IOS XR Software is vulnerable to a denial of service, caused by improper handling of an error condition in the PPPoE feature. By sending specially-crafted PPPoE packets, a remote attacker could exploit this vulnerability to cause the PPPoE process to continually restart, and results in a denial of service condition.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-20846
- CVE-2022-20849
Affected Vendors
- Cisco
Affected Products
- Cisco IOS XR Software
- Cisco ASR 9000 Series Aggregation Services Routers
- Cisco IOS XRv 9000 Routers
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.