PT-2022-6322 · Cisco · Cisco IOS XE +1

Published 2022-09-28 · Updated 2023-07-21 · CVE-2022-20919

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IOS Software (affected versions not specified)
Cisco IOS XE Software (affected versions not specified)

Description

The issue is related to insufficient input validation during the processing of Common Industrial Protocol (CIP) packets, which could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a malformed CIP packet to an affected device.

Recommendations

Update Cisco IOS Software and Cisco IOS XE Software to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CIP protocol to minimize the risk of exploitation.

Fix · DoS · RCE

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

BDU:2023-00900
CVE-2022-20919

Affected Products

Cisco IOS
Cisco IOS XE