PT-2022-5096 · Cisco · Cisco IOS XR

Cq674350529 +1 · Published 2022-09-14 · Updated 2025-08-05 · CVE-2022-20846

CVSS v3.1: 4.3 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Cisco IOS XR Software (affected versions not specified)

Description

A vulnerability in the Cisco Discovery Protocol implementation could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This issue is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device, potentially causing a heap overflow and leading to the reload of the Cisco Discovery Protocol process. The bytes that can be written in the buffer overflow are restricted, limiting remote code execution. Note that Cisco Discovery Protocol is a Layer 2 protocol, and to exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-06325
CVE-2022-20846

Affected Products

Cisco IOS XR