CVE-2022-20848Uncontrolled Resource Consumption in Cisco IOS XE Software

CWE-399CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGHNVD
CNA8.6
EPSS
1.6%
top 18.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 30
Latest updateOct 1

Description

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, result

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios_xe17.6.1, 17.6.3, 17.9.1+2

🔴Vulnerability Details

2
GHSA
GHSA-c26m-p2mq-4vrw: A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points c2022-10-01
CVEList
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability2022-09-30

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability2022-09-28
CVE-2022-20848 — Uncontrolled Resource Consumption | cvebase