CVE-2022-20678Improper Resource Locking in Cisco IOS XE Software

CWE-413Improper Resource LockingCWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
7.5HIGHNVD
CNA8.6
EPSS
0.3%
top 47.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedApr 15
Latest updateApr 16

Description

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successf

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios_xe4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-5gpx-8gpr-wpj2: A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reloa2022-04-16
CVEList
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability2022-04-15

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability2022-04-13
CVE-2022-20678 — Improper Resource Locking in Cisco | cvebase