May 6, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Severity
High
Analysis Summary
CVE-2022-20870 CVSS:8.6
Cisco IOS XE Software is vulnerable to a denial of service, caused by insufficient input validation of IPv4 traffic in the egress MPLS packet processing function. By sending a specially crafted packet out of an affected MPLS-enabled interface, a remote attacker could exploit this vulnerability to cause the device to reload.
CVE-2022-20915 CVSS:7.4
Cisco IOS XE Software is vulnerable to a denial of service, caused by improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW). By sending a specially crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device, an adjacent attacker could exploit this vulnerability to reload the device.
CVE-2022-20847 CVSS:8.6
Cisco IOS XE Wireless Controller Software is vulnerable to a denial of service, caused by improper processing of DHCP messages. By sending specially crafted DHCP messages to an affected device, a remote attacker could exploit this vulnerability to cause an affected device to reload.
CVE-2022-20920 CVSS:7.7
Cisco IOS and IOS XE Software are vulnerable to a denial of service, caused by improper handling of resources during an exceptional situation in the SSH implementation. By continuously connecting to an affected device and sending specific SSH requests, a remote authenticated attacker could exploit this vulnerability to cause an affected device to reload.
CVE-2022-20864 CVSS:4.6
Cisco IOS XE ROM Monitor Software could allow a local attacker to obtain sensitive information, caused by a flaw in the file and boot variable permissions in ROMMON. By rebooting the switch into ROMMON and entering specific commands through the console, an attacker could exploit this vulnerability to reset the enable password, read files, and use this information to launch further attacks against the affected system.
CVE-2022-20848 CVSS:8.6
Cisco IOS XE is vulnerable to a denial of service, caused by improper processing of UDP datagrams in the UDP processing functionality. By sending specially crafted UDP datagrams to an affected device, an attacker could exploit this vulnerability to cause the device to reload.
CVE-2022-20837 CVSS:8.6
Cisco IOS XE Software is vulnerable to a denial of service, caused by a logic error that occurs when an affected device inspects certain TCP DNS packets in the DNS application layer gateway (ALG) functionality. By sending specially crafted DNS packets through the affected device that is performing NAT for DNS packets, a remote attacker could exploit this vulnerability to cause an affected device to reload.
CVE-2022-20851 CVSS:5.5
Cisco IOS XE could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient input validation in the web UI feature. By sending specially-crafted input to the web UI API, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system with root privileges.
CVE-2022-20919 CVSS:8.6
Cisco IOS and Cisco IOS XE are vulnerable to a denial of service, caused by insufficient input validation during processing of CIP packets. By sending specially-crafted CIP packets to a vulnerable device, a remote attacker could exploit this vulnerability to cause the device to reload.
CVE-2022-20944 CVSS:6.1
Cisco IOS XE Software for Catalyst 9200 Series Switches could allow a physical attacker to execute arbitrary code on the system, caused by improper check in the code function for the verification of the digital signatures of system image files during the initial boot process. By loading unsigned software, an attacker could exploit this vulnerability to execute arbitrary unsigned code and bypass the image verification check part of the boot process.
Impact
- Denial of Service
- Information Disclosure
- Code Execution
Indicators Of Compromise
CVE
- CVE-2022-20870
- CVE-2022-20915
- CVE-2022-20847
- CVE-2022-20920
- CVE-2022-20864
- CVE-2022-20848
- CVE-2022-20837
- CVE-2022-20851
- CVE-2022-20919
- CVE-2022-20944
Affected Vendors
Cisco
Affected Products
- Cisco IOS XE Software
- Cisco Catalyst 3650 Series Switches
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9400 Series Switches
- Cisco Catalyst 9600 Series Switches
- Cisco IOS XE Wireless Controller Software
- Cisco IOS XE ROM Monitor Software
- Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.
CVE-2022-20870
CVE-2022-20915
CVE-2022-20847
CVE-2022-20920
CVE-2022-20864
CVE-2022-20848
CVE-2022-20837
CVE-2022-20851
CVE-2022-20919
CVE-2022-20944
