CVE-2022-20920

CVE Database · CVE-2022-20920

CVE-2022-20920

· HIGHModified

CVSS v3.1

7.7

EPSS

0.80%

Published

Oct 10, 2022

Modified

May 27, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-755CWE-755CWE-755

Affected Products (1596)

cisco · iosvulnerable

cisco · ios

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs