1. Home
  2. CVE Database
  3. CVE-2022-20849
MEDIUM · 6.1

CVE-2022-20849

A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continu...

Vulnerability Description

A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by sending a sequence of specific PPPoE packets from controlled customer premises equipment (CPE). A successful exploit could allow the attacker to cause the PPPoE process to continually restart, resulting in a denial of service condition (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoIos Xr6.5.1
CiscoAsr 9006-
CiscoAsr 9010-
CiscoAsr 9901-
CiscoAsr 9902-
CiscoAsr 9903-
CiscoAsr 9904-
CiscoAsr 9906-
CiscoAsr 9910-
CiscoAsr 9912-
CiscoAsr 9922-
CiscoIos Xrv 9000-

Related Weaknesses (CWE)

CWE-391

References

FAQ

What is CVE-2022-20849?

CVE-2022-20849 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continu...

How severe is CVE-2022-20849?

CVE-2022-20849 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-20849?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr, Cisco Asr 9006, Cisco Asr 9010, Cisco Asr 9901, Cisco Asr 9902.