CVE-2022-20679Improper Input Validation in Cisco IOS XE Software

CWE-20Improper Input Validation4 documents4 sources
Severity
7.7HIGHNVD
CNA6.8
EPSS
0.7%
top 27.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedApr 15
Latest updateApr 16

Description

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe109 versions+108

🔴Vulnerability Details

2
GHSA
GHSA-hjgj-jq86-rpmm: A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device t2022-04-16
CVEList
Cisco IOS XE Software IPSec Denial of Service Vulnerability2022-04-15

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software IPSec Denial of Service Vulnerability2022-04-13
CVE-2022-20679 — Improper Input Validation in Cisco | cvebase