VDB

CVE-2022-20714

CVE-2022-20714 PUBLISHED CVSS 8.600000381469727 HIGH

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card.

EPSS 1.83% · 83.3th percentile

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
1.83%
83.3th percentile

Affected Products

VendorProductVersions
ciscoios_xr
CiscoCisco IOS XR Softwaren/a

Exploit Intelligence

Timeline

  • Apr 14, 2022 CVE Published
  • Apr 16, 2022 EPSS Score
  • Jun 5, 2022 EPSS Score
  • Jul 26, 2022 EPSS Score
  • Sep 14, 2022 EPSS Score
  • Dec 24, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 23, 2023 EPSS Score
  • Jul 12, 2023 EPSS Score
  • Aug 31, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›