CVE-2022-20837 — Improper Check for Unusual or Exceptional Conditions in Cisco IOS XE Software

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.9%

top 23.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software

Timeline

PublishedOct 10

Latest updateOct 11

Description

A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A succes…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5cisco/cisco_ios_xe_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-7cwr-j6cv-fjjp: A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software co↗2022-10-11

▶

CVEList

Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability↗2022-10-10

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability↗2022-09-28

▶