Cisco PPPoE Vulnerability Could Lead to Denial of Service
CVE-2022-20849

6.1 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 15 November 2024

Summary

A weakness in the Broadband Network Gateway PPPoE feature of Cisco IOS XR Software allows an attacker to cause a denial of service by sending a specifically crafted sequence of PPPoE packets from compromised customer premises equipment (CPE). The vulnerability arises because the PPPoE feature does not properly handle an error condition, which causes the PPPoE process to crash continuously. The resulting denial of service can significantly impact network availability. Cisco has released software updates that address this issue, and no workarounds are available. For more information, refer to Cisco's security advisory.

Affected Version(s)

Cisco IOS XR Software 6.5.3

Cisco IOS XR Software 6.6.1

Cisco IOS XR Software 6.5.15

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
