{"api_version":"1","generated_at":"2026-04-26T09:26:04+00:00","cve":"CVE-2022-20920","urls":{"html":"https://cve.report/CVE-2022-20920","api":"https://cve.report/api/cve/CVE-2022-20920.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-20920","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-20920"},"summary":{"title":"CVE-2022-20920","description":"A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2022-10-10 21:15:00","updated_at":"2023-11-07 03:43:00"},"problem_types":["CWE-755"],"metrics":[],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk","name":"20220928 Cisco IOS and IOS XE Software SSH Denial of Service  Vulnerability","refsource":"CISCO","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-20920","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-20920","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"20920","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"ios","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"20920","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"ios_xe","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-20920","qid":"317229","title":"Cisco Internetwork Operating System (IOS) and IOS XE Software SSH Denial of Service (DoS) Vulnerability (cisco-sa-ssh-excpt-dos-FzOBQTnk)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","DATE_PUBLIC":"2022-09-28T16:00:00","ID":"CVE-2022-20920","STATE":"PUBLIC","TITLE":"Cisco IOS and IOS XE Software SSH Denial of Service  Vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Cisco IOS ","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"Cisco"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload."}]},"exploit":[{"lang":"eng","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}],"impact":{"cvss":{"baseScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H ","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-755"}]}]},"references":{"reference_data":[{"name":"20220928 Cisco IOS and IOS XE Software SSH Denial of Service  Vulnerability","refsource":"CISCO","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk"}]},"source":{"advisory":"cisco-sa-ssh-excpt-dos-FzOBQTnk","defect":[["CSCvx63027"]],"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2022-10-10 21:15:00","lastModifiedDate":"2023-11-07 03:43:00","problem_types":["CWE-755"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.7,"baseSeverity":"HIGH"},"exploitabilityScore":3.1,"impactScore":4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"20920","Ordinal":"220106","Title":"CVE-2022-20920","CVE":"CVE-2022-20920","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"20920","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}