A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload.
References
| Link | Resource |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appnav-xe-dos-j5MXTR4 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
22 May 2023, 18:57
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1111x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_111x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-6g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1131:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:* |
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1131_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:* |
| First Time |
Cisco 1111x Integrated Services Router
Cisco 1120 Integrated Services Router Cisco 4221 Integrated Services Router Cisco 4431 Integrated Services Router Cisco 1109 Integrated Services Router Cisco 4461 Integrated Services Router Cisco 1100-4g Integrated Services Router Cisco 4331 Integrated Services Router Cisco 1131 Integrated Services Router Cisco 1160 Integrated Services Router Cisco 1100-6g Integrated Services Router Cisco 1101 Integrated Services Router Cisco 111x Integrated Services Router |
Information
Published : 2022-04-15 15:15
Updated : 2023-11-07 03:42
NVD link : CVE-2022-20678
Mitre link : CVE-2022-20678
JSON object : View
Products Affected
cisco
- asr_1001-x
- 4461_integrated_services_router
- catalyst_8500
- 1100-4g_integrated_services_router
- catalyst_8300-1n1s-6t
- ios_xe
- 1109_integrated_services_router
- 4331_integrated_services_router
- 4221_integrated_services_router
- catalyst_8500l
- catalyst_8300-2n2s-4t2x
- 1131_integrated_services_router
- 4431_integrated_services_router
- 111x_integrated_services_router
- 1120_integrated_services_router
- 1111x_integrated_services_router
- catalyst_8500-4qc
- catalyst_8000v_edge
- 1101_integrated_services_router
- asr_1002-x
- catalyst_8300-1n1s-4t2x
- catalyst_8300-2n2s-6t
- 1100-6g_integrated_services_router
- cloud_services_router_1000v
- 1160_integrated_services_router
CWE
CWE-755
Improper Handling of Exceptional Conditions