VDB

CVE-2022-20694

CVE-2022-20694 PUBLISHED CVSS 6.800000190734863 MEDIUM

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable.

EPSS 0.36% · 58.5th percentile

Risk Scores

CVSS 3.1
6.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.36%
58.5th percentile

Affected Products

VendorProductVersions
CiscoCisco IOS XE Softwaren/a
ciscoios_xe3.7.0xas, 3.7.1as, 3.7.1s

Exploit Intelligence

Timeline

  • Apr 15, 2022 CVE Published
  • Apr 16, 2022 EPSS Score
  • Jun 5, 2022 EPSS Score
  • Jul 26, 2022 EPSS Score
  • Sep 14, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
  • Dec 24, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 23, 2023 EPSS Score
  • Jul 12, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›