First published: Mon Oct 10 2022(Updated: )
A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | ||
Cisco Catalyst 3650 | ||
Cisco Catalyst 3650-12x48fd-e | ||
Cisco Catalyst 3650-12x48fd-l | ||
Cisco Catalyst 3650-12x48fd-s | ||
Cisco Catalyst 3650-12x48uq | ||
Cisco Catalyst 3650-12x48uq-e | ||
Cisco Catalyst 3650-12x48uq-l | ||
Cisco Catalyst 3650-12x48uq-s | ||
Cisco Catalyst 3650-12x48ur | ||
Cisco Catalyst 3650-12x48ur-e | ||
Cisco Catalyst 3650-12x48ur-l | ||
Cisco Catalyst 3650-12x48ur-s | ||
Cisco Catalyst 3650-12x48uz | ||
Cisco Catalyst 3650-12x48uz-e | ||
Cisco Catalyst 3650-12x48uz-l | ||
Cisco Catalyst 3650-12x48uz-s | ||
Cisco Catalyst 3650-24pd | ||
Cisco Catalyst 3650-24pd-e | ||
Cisco Catalyst 3650-24pd-l | ||
Cisco Catalyst 3650-24pd-s | ||
Cisco Catalyst 3650-24pdm | ||
Cisco Catalyst 3650-24pdm-e | ||
Cisco Catalyst 3650-24pdm-l | ||
Cisco Catalyst 3650-24pdm-s | ||
Cisco Catalyst 3650-24ps-e | ||
Cisco Catalyst 3650-24ps-l | ||
Cisco Catalyst 3650-24ps-s | ||
Cisco Catalyst 3650-24td-e | ||
Cisco Catalyst 3650-24td-l | ||
Cisco Catalyst 3650-24td-s | ||
Cisco Catalyst 3650-24ts-e | ||
Cisco Catalyst 3650-24ts-l | ||
Cisco Catalyst 3650-24ts-s | ||
Cisco Catalyst 3650-48fd-e | ||
Cisco Catalyst 3650-48fd-l | ||
Cisco Catalyst 3650-48fd-s | ||
Cisco Catalyst 3650-48fq | ||
Cisco Catalyst 3650-48fq-e | ||
Cisco Catalyst 3650-48fq-l | ||
Cisco Catalyst 3650-48fq-s | ||
Cisco Catalyst 3650-48fqm | ||
Cisco Catalyst 3650-48fqm-e | ||
Cisco Catalyst 3650-48fqm-l | ||
Cisco Catalyst 3650-48fqm-s | ||
Cisco Catalyst 3650-48fs-e | ||
Cisco Catalyst 3650-48fs-l | ||
Cisco Catalyst 3650-48fs-s | ||
Cisco Catalyst 3650-48pd-e | ||
Cisco Catalyst 3650-48pd-l | ||
Cisco Catalyst 3650-48pd-s | ||
Cisco Catalyst 3650-48pq-e | ||
Cisco Catalyst 3650-48pq-l | ||
Cisco Catalyst 3650-48pq-s | ||
Cisco Catalyst 3650-48ps-e | ||
Cisco Catalyst 3650-48ps-l | ||
Cisco Catalyst 3650-48ps-s | ||
Cisco Catalyst 3650-48td-e | ||
Cisco Catalyst 3650-48td-l | ||
Cisco Catalyst 3650-48td-s | ||
Cisco Catalyst 3650-48tq-e | ||
Cisco Catalyst 3650-48tq-l | ||
Cisco Catalyst 3650-48tq-s | ||
Cisco Catalyst 3650-48ts-e | ||
Cisco Catalyst 3650-48ts-l | ||
Cisco Catalyst 3650-48ts-s | ||
Cisco Catalyst 3650-8x24pd-e | ||
Cisco Catalyst 3650-8x24pd-l | ||
Cisco Catalyst 3650-8x24pd-s | ||
Cisco Catalyst 3650-8x24uq | ||
Cisco Catalyst 3650-8x24uq-e | ||
Cisco Catalyst 3650-8x24uq-l | ||
Cisco Catalyst 3650-8x24uq-s | ||
Cisco Catalyst 3850 | ||
Cisco Catalyst 3850-12s-e | ||
Cisco Catalyst 3850-12s-s | ||
Cisco Catalyst 3850-12x48u | ||
Cisco Catalyst 3850-12xs-e | ||
Cisco Catalyst 3850-12xs-s | ||
Cisco Catalyst 3850-16xs-e | ||
Cisco Catalyst 3850-16xs-s | ||
Cisco Catalyst 3850-24p-e | ||
Cisco Catalyst 3850-24p-l | ||
Cisco Catalyst 3850-24p-s | ||
Cisco Catalyst 3850-24pw-s | ||
Cisco Catalyst 3850-24s-e | ||
Cisco Catalyst 3850-24s-s | ||
Cisco Catalyst 3850-24t-e | ||
Cisco Catalyst 3850-24t-l | ||
Cisco Catalyst 3850-24t-s | ||
Cisco Catalyst 3850-24u | ||
Cisco Catalyst 3850-24u-e | ||
Cisco Catalyst 3850-24u-l | ||
Cisco Catalyst 3850-24u-s | ||
Cisco Catalyst 3850-24xs | ||
Cisco Catalyst 3850-24xs-e | ||
Cisco Catalyst 3850-24xs-s | ||
Cisco Catalyst 3850-24xu | ||
Cisco Catalyst 3850-24xu-e | ||
Cisco Catalyst 3850-24xu-l | ||
Cisco Catalyst 3850-24xu-s | ||
Cisco Catalyst 3850-32xs-e | ||
Cisco Catalyst 3850-32xs-s | ||
Cisco Catalyst 3850-48f-e | ||
Cisco Catalyst 3850-48f-l | ||
Cisco Catalyst 3850-48f-s | ||
Cisco Catalyst 3850-48p-e | ||
Cisco Catalyst 3850-48p-l | ||
Cisco Catalyst 3850-48p-s | ||
Cisco Catalyst 3850-48pw-s | ||
Cisco Catalyst 3850-48t-e | ||
Cisco Catalyst 3850-48t-l | ||
Cisco Catalyst 3850-48t-s | ||
Cisco Catalyst 3850-48u | ||
Cisco Catalyst 3850-48u-e | ||
Cisco Catalyst 3850-48u-l | ||
Cisco Catalyst 3850-48u-s | ||
Cisco Catalyst 3850-48xs | ||
Cisco Catalyst 3850-48xs-e | ||
Cisco Catalyst 3850-48xs-f-e | ||
Cisco Catalyst 3850-48xs-f-s | ||
Cisco Catalyst 3850-48xs-s | ||
Cisco Catalyst 3850-nm-2-40g | ||
Cisco Catalyst 3850-nm-8-10g | ||
Cisco Catalyst 9300 | ||
Cisco Catalyst 9300-24p-a | ||
Cisco Catalyst 9300-24p-e | ||
Cisco Catalyst 9300-24s-a | ||
Cisco Catalyst 9300-24s-e | ||
Cisco Catalyst 9300-24t-a | ||
Cisco Catalyst 9300-24t-e | ||
Cisco Catalyst 9300-24u-a | ||
Cisco Catalyst 9300-24u-e | ||
Cisco Catalyst 9300-24ux-a | ||
Cisco Catalyst 9300-24ux-e | ||
Cisco Catalyst 9300-48p-a | ||
Cisco Catalyst 9300-48p-e | ||
Cisco Catalyst 9300-48s-a | ||
Cisco Catalyst 9300-48s-e | ||
Cisco Catalyst 9300-48t-a | ||
Cisco Catalyst 9300-48t-e | ||
Cisco Catalyst 9300-48u-a | ||
Cisco Catalyst 9300-48u-e | ||
Cisco Catalyst 9300-48un-a | ||
Cisco Catalyst 9300-48un-e | ||
Cisco Catalyst 9300-48uxm-a | ||
Cisco Catalyst 9300-48uxm-e | ||
Cisco Catalyst 9300l | ||
Cisco Catalyst 9300l-24p-4g-a | ||
Cisco Catalyst 9300l-24p-4g-e | ||
Cisco Catalyst 9300l-24p-4x-a | ||
Cisco Catalyst 9300l-24p-4x-e | ||
Cisco Catalyst 9300l-24t-4g-a | ||
Cisco Catalyst 9300l-24t-4g-e | ||
Cisco Catalyst 9300l-24t-4x-a | ||
Cisco Catalyst 9300l-24t-4x-e | ||
Cisco Catalyst 9300l-48p-4g-a | ||
Cisco Catalyst 9300l-48p-4g-e | ||
Cisco Catalyst 9300l-48p-4x-a | ||
Cisco Catalyst 9300l-48p-4x-e | ||
Cisco Catalyst 9300l-48t-4g-a | ||
Cisco Catalyst 9300l-48t-4g-e | ||
Cisco Catalyst 9300l-48t-4x-a | ||
Cisco Catalyst 9300l-48t-4x-e | ||
Cisco Catalyst 9300lm | ||
Cisco Catalyst 9300x | ||
Cisco Catalyst 9400 | ||
Cisco Catalyst 9500 | ||
Cisco Catalyst 9500h | ||
Cisco Catalyst 9600 | ||
Cisco Catalyst C3850-12x48u-e | ||
Cisco Catalyst C3850-12x48u-l | ||
Cisco Catalyst C3850-12x48u-s | ||
Cisco Catalyst C9500-12q | ||
Cisco Catalyst C9500-12q-a | ||
Cisco Catalyst C9500-12q-e | ||
Cisco Catalyst C9500-16x | ||
Cisco Catalyst C9500-16x-a | ||
Cisco Catalyst C9500-16x-e | ||
Cisco Catalyst C9500-24q | ||
Cisco Catalyst C9500-24q-a | ||
Cisco Catalyst C9500-24q-e | ||
Cisco Catalyst C9500-24y4c | ||
Cisco Catalyst C9500-32c | ||
Cisco Catalyst C9500-32qc | ||
Cisco Catalyst C9500-40x | ||
Cisco Catalyst C9500-40x-a | ||
Cisco Catalyst C9500-40x-e | ||
Cisco Catalyst C9500-48y4c | ||
Cisco Catalyst C9600-lc-24c | ||
Cisco Catalyst C9600-lc-48s | ||
Cisco Catalyst C9600-lc-48tx | ||
Cisco Catalyst C9600-lc-48yl |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-20870 is a vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst switches.
CVE-2022-20870 has a severity value of 8.6, categorized as high severity.
Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches are affected by CVE-2022-20870.
An unauthenticated, remote attacker could exploit CVE-2022-20870 to cause a denial of service by making an affected device reload unexpectedly.