How severe is CVE-2022-20937?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-20937?

This is classified as CWE-410, which is a common weakness in software security.

CVE-2022-20937 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2022-40224

MEDIUM

CVSS:5.3(Medium)

A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. ...

CWE-4102022

CVE-2023-7033

MEDIUM

CVSS:5.3(Medium)

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, ME...

CWE-4102023

CVE-2025-27694

MEDIUM

CVSS:5.3(Medium)

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability...

CWE-4102025

CVE-2024-7392

MEDIUM

CVSS:4.3(Medium)

ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Ch...

CWE-4102024

CVE-2022-22191

MEDIUM

CVSS:6.5(Medium)

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unaut...

CWE-4102022

CVE-2025-20103

MEDIUM

CVSS:6.5(Medium)

Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

CWE-4102025