How severe is CVE-2022-20845?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2022-20845?

This is classified as CWE-789, which is a common weakness in software security.

CVE-2022-20845 - MEDIUM Severity | CVSS 6

Vulnerability Description

A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful exploit could allow the attacker to cause the TL1 process to consume large amounts of memory. When the memory reaches a threshold, the Resource Monitor (Resmon) process will begin to restart or shutdown the top five consumers of memory, resulting in a denial of service (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .

Related Vulnerabilities

CVE-2024-2494

MEDIUM

CVSS:6.2(Medium)

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passin...

CWE-7892024

CVE-2018-12541

MEDIUM

CVSS:6.5(Medium)

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There s...

CWE-7892018

CVE-2020-8551

MEDIUM

CVSS:6.5(Medium)

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP ...

CWE-7892020

CVE-2021-1283

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be rest...

CWE-7892021

CVE-2021-1568

MEDIUM

CVSS:5.5(Medium)

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerabili...

CWE-7892021

CVE-2021-27906

MEDIUM

CVSS:5.5(Medium)

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

CWE-7892021