Cisco NCS 4000 Series Vulnerability Could Lead to Memory Leak and Denial of Service
CVE-2022-20845

6MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco iOS Xr Software
Vendor: CVE Published:; 15 November 2024

Summary

A vulnerability in the TL1 function of the Cisco Network Convergence System (NCS) 4000 Series allows authenticated local attackers to trigger a memory leak by issuing TL1 commands. This occurs due to TL1 failing to free memory in certain conditions. Exploitation of this vulnerability can lead to excessive memory consumption, which ultimately causes the Resource Monitor (Resmon) process to initiate a restart or shutdown of the top memory-consuming processes. This behavior results in a denial of service (DoS) condition, impacting the availability of the affected systems. Cisco has provided software updates to mitigate the issue, with no available workarounds.

Affected Version(s)

Cisco IOS XR Software 6.5.29

Cisco IOS XR Software 6.5.26

Cisco IOS XR Software 6.5.25

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 2, 2021