CVE-2022-20678

CVE Database · CVE-2022-20678

CVE-2022-20678

· HIGHModified

CVSS v3.1

8.6

EPSS

0.90%

Published

Apr 15, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-413CWE-755

Affected Products (28)

cisco · ios_xevulnerable

cisco · catalyst_8000v_edge

cisco · cloud_services_router_1000v

cisco · 1100-4g_integrated_services_router

cisco · 1100-6g_integrated_services_router

cisco · 1101_integrated_services_router

cisco · 1109_integrated_services_router

cisco · 1111x_integrated_services_router

cisco · 111x_integrated_services_router

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appnav-xe-dos-j5MXTR4

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appnav-xe-dos-j5MXTR4

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs