Lucene search

[email protected]CVE-2022-20678

HistoryApr 15, 2022 - 3:15 p.m.

CVE-2022-20678

2022-04-1515:15:12

CWE-413

CWE-755

[email protected]

web.nvd.nist.gov

cisco

ios

software

vulnerability

remote

dos

attack

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

49.6%

JSON

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload.

Affected configurations

NVD

Node

ciscoios_xeMatch16.9.6

ciscoios_xeMatch16.12.4

ciscoios_xeMatch16.12.5

ciscoios_xeMatch17.3.3

AND

ciscocatalyst_8000v_edgeMatch-

ciscocloud_services_router_1000vMatch-

cisco1100-4g_integrated_services_routerMatch-

cisco1100-6g_integrated_services_routerMatch-

cisco1101_integrated_services_routerMatch-

cisco1109_integrated_services_routerMatch-

cisco1111x_integrated_services_routerMatch-

cisco111x_integrated_services_routerMatch-

cisco1120_integrated_services_routerMatch-

cisco1131_integrated_services_routerMatch-

cisco1160_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

ciscoasr_1001-xMatch-

ciscoasr_1002-xMatch-

ciscocatalyst_8300-1n1s-4t2xMatch-

ciscocatalyst_8300-1n1s-6tMatch-

ciscocatalyst_8300-2n2s-4t2xMatch-

ciscocatalyst_8300-2n2s-6tMatch-

ciscocatalyst_8500Match-

ciscocatalyst_8500-4qcMatch-

ciscocatalyst_8500lMatch-

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq16.9.6
cisco:ios_xecisco ios xeeq16.12.4
cisco:ios_xecisco ios xeeq16.12.5
cisco:ios_xecisco ios xeeq17.3.3

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	16.9.6
cisco:ios_xe	cisco ios xe	eq	16.12.4
cisco:ios_xe	cisco ios xe	eq	16.12.5
cisco:ios_xe	cisco ios xe	eq	17.3.3

CNA Affected

[
  {
    "product": "Cisco IOS XE Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appnav-xe-dos-j5MXTR4

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

49.6%

JSON

Related for CVE-2022-20678

cvelist1 cnvd1 nvd1 cisco1 prion1