PT-2022-6638 · Cisco · Cisco Network Convergence System (NCS) 4000 Series +1

Published: 2022-09-14 · Updated: 2024-11-18 · CVE-2022-20845

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Cisco Network Convergence System (NCS) 4000 Series (affected versions not specified)

Description

The issue is in the TL1 function of the Cisco Network Convergence System (NCS) 4000 Series and is associated with uncontrolled memory allocation. An attacker could exploit it by connecting to the device, authenticating, and issuing TL1 commands, potentially causing the TL1 process to consume large amounts of memory. When memory usage reaches a threshold, the Resource Monitor process begins to restart or shut down the top five consumers of memory, resulting in a denial of service.

Recommendations

For the Cisco Network Convergence System (NCS) 4000 Series, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider restricting access to the TL1 function to minimize the risk of exploitation. There are no other workarounds that address this issue.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2023-02984
CVE-2022-20845

Affected Products

Cisco IOS XR
Cisco Network Convergence System (NCS) 4000 Series