CVE-2023-20226: Missing Initialization of a Variable in Cisco IOS XE Software

Severity
NVD: 7.5 HIGH
CNA: 8.6
EPSS: 0.2% (top 60.60%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Sep 27

Description

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successfu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: cisco/cisco_ios_xe_software, 11 versions (+10)
NVD: cisco/ios_xe, 11 versions (+10)

🔴 Vulnerability Details (2)

CVEList, 2023-09-27: CVE-2023-20226: A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated
GHSA, 2023-09-27: GHSA-pp22-wchm-v8fh: A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated

📋 Vendor Advisories (1)

Cisco, 2023-09-27: Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability
CVE-2023-20226 — Missing Initialization of a Variable | cvebase