How severe is CVE-2022-20679?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2022-20679?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2022-20679

HIGH Year: 2022

CVSS v3 Score

7.7

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-20

View all →

Vulnerability Description

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit could allow the attacker to cause the device to reload. To exploit this vulnerability, the attacker may need access to the trusted network where the affected device is in order to send specific packets to be processed by the device. All network devices between the attacker and the affected device must support an MTU of 1800 bytes or greater. This access requirement could limit the possibility of a successful exploit.

CVE-2016-8631

HIGH

CVSS:7.7(High)

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect netw...

CWE-202016

CVE-2018-0456

HIGH

CVSS:7.7(High)

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affect...

CWE-202018

CVE-2018-1000026

HIGH

CVSS:7.7(High)

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware...

CWE-202018

CVE-2018-8218

HIGH

CVSS:7.7(High)

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-...

CWE-202018

CVE-2019-15276

HIGH

CVSS:7.7(High)

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected ...

CWE-202019

CVE-2019-15966

HIGH

CVSS:7.7(High)

A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Th...

CWE-202019

CVE-2022-20679

Vulnerability Description

Related Vulnerabilities

CVE-2016-8631

CVE-2018-0456

CVE-2018-1000026

CVE-2018-8218

CVE-2019-15276

CVE-2019-15966