Medium
CVE-2022-20846 CVSS:4.3
Cisco IOS XR Software is vulnerable to a denial of service, caused by a heap-based buffer overflow in certain Cisco Discovery Protocol messages. By sending a specially-crafted Cisco Discovery Protocol packet, a remote attacker could exploit this vulnerability to the Cisco Discovery Protocol process to reload on the device, and results in a denial of service condition.
CVE-2022-20849 CVSS:6.1
Cisco IOS XR Software is vulnerable to a denial of service, caused by improper handling of an error condition in the PPPoE feature. By sending specially-crafted PPPoE packets, a remote attacker could exploit this vulnerability to cause the PPPoE process to continually restart, and results in a denial of service condition.
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.