CVE-2022-20915
First published: Mon Oct 10 2022(Updated: )
A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-20915?
CVE-2022-20915 is a vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
How severe is CVE-2022-20915?
CVE-2022-20915 has a severity level of 7.4 (High).
How does CVE-2022-20915 impact Cisco IOS XE Software?
CVE-2022-20915 can result in a denial of service (DoS) condition on an affected device running Cisco IOS XE Software.
What is the Common Weakness Enumeration (CWE) associated with CVE-2022-20915?
CVE-2022-20915 is associated with CWE-436 (Denial of Service) and CWE-115 (Misinterpretation of Input).
How can I fix CVE-2022-20915?
To mitigate CVE-2022-20915, it is recommended to apply the necessary updates provided by Cisco IOS XE Software, as mentioned in the Cisco Security Advisory.
- collector/nvd-index
- vendor/cisco
- canonical/cisco ios xe