CVE-2022-20915

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*

History

13 Oct 2022, 19:57

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.4
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv - Vendor Advisory
First Time		Cisco Cisco ios Xe
CPE		cpe:2.3:o:cisco:ios_xe:-:::::::*
CWE		CWE-436

10 Oct 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-10 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-20915

Mitre link : CVE-2022-20915

CVE.ORG link : CVE-2022-20915

JSON object : View

Products Affected

cisco

ios_xe

CWE

CWE-436

Interpretation Conflict

CWE-115

Misinterpretation of Input

{"id": "CVE-2022-20915", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2022-10-10T21:15:10.340", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-436"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-115"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de IPv6 VPN sobre MPLS (6VPE) con Zone-Based Firewall (ZBFW) del software Cisco IOS XE podr\u00eda permitir a un atacante adyacente no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad es debido al manejo inapropiado de errores de un paquete IPv6 que es reenviado desde una interfaz MPLS y ZBFW habilitada en una implementaci\u00f3n 6VPE. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete IPv6 dise\u00f1ado desde un dispositivo en la interfaz de enrutamiento y reenv\u00edo virtual (VRF) habilitada para IPv6 a trav\u00e9s del dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante recargar el dispositivo, resultando en una condici\u00f3n de DoS"}], "lastModified": "2023-11-07T03:43:19.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7D95E8A-8F0B-44E5-B266-09E10BAAEC55"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}