Update CVE-2022-20920.json

2025-08-04 08:44:25 +00:00 · 2022-10-10 11:31:30 -04:00 · 2022-10-10 11:31:30 -04:00 · 2c38fa17bf
commit 2c38fa17bf
parent 53a877a30c
1 changed files with 86 additions and 0 deletions
--- a/2022/20xxx/CVE-2022-20920.json
+++ b/2022/20xxx/CVE-2022-20920.json
@ -0,0 +1,86 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2022-09-28T16:00:00",
+        "ID": "CVE-2022-20920",
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco IOS and IOS XE Software SSH Denial of Service  Vulnerability"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco IOS ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "\r A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.\r This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.\r "
+            }
+        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "7.7",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-755"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20220928 Cisco IOS and IOS XE Software SSH Denial of Service  Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-ssh-excpt-dos-FzOBQTnk",
+        "defect": [
+            [
+                "CSCvx63027"
+            ]
+        ],
+        "discovery": "INTERNAL"
+    }
+}