How severe is CVE-2022-20823?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2022-20823?

This is classified as CWE-126, which is a common weakness in software security.

CVE-2022-20823 - HIGH Severity | CVSS 8.6

Vulnerability Description

A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory.

Related Vulnerabilities

CVE-2020-3399

HIGH

CVSS:8.6(High)

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unaut...

CWE-1262020

CVE-2021-1373

HIGH

CVSS:8.6(High)

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controll...

CWE-1262021

CVE-2021-1588

HIGH

CVSS:8.6(High)

A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) conditio...

CWE-1262021

CVE-2022-20714

HIGH

CVSS:8.6(High)

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card ...

CWE-1262022

CVE-2023-28572

HIGH

CVSS:8.8(High)

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.

CWE-1262023

CVE-2024-43595

HIGH

CVSS:8.8(High)

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CWE-1262024