CVE-2022-20697

EPSS 0.45%
Published 15.04.2022 15:15:12
Last modified 21.11.2024 06:43:21
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Version15.1(3)svr1

Cisco ≫ Ios Version15.1(3)svr2

Cisco ≫ Ios Version15.1(3)svr3

Cisco ≫ Ios Version15.1(3)svs

Cisco ≫ Ios Version15.1(3)svs1

Cisco ≫ Ios Version15.1(3)svt1

Cisco ≫ Ios Version15.1(3)svt2

Cisco ≫ Ios Version15.1(3)svt3

Cisco ≫ Ios Version15.1(3)svu1

Cisco ≫ Ios Version15.1(3)svu2

Cisco ≫ Ios Version15.1(3)svu10

Cisco ≫ Ios Version15.1(3)svv1

Cisco ≫ Ios Version15.2(7)e3

Cisco ≫ Ios Version15.2(7)e3a

Cisco ≫ Ios Version15.2(7)e3k

Cisco ≫ Ios Version15.2(7)e4

Cisco ≫ Ios Version15.2(8)e

Cisco ≫ Ios Version15.2(234k)e

Cisco ≫ Ios Version15.3(3)jk100

Cisco ≫ Ios Version15.3(3)jpj8

Cisco ≫ Ios Version15.9(3)m2

Cisco ≫ Ios Version15.9(3)m2a

Cisco ≫ Ios Version15.9(3)m3

Cisco ≫ Ios Version15.9(3)m3a

Cisco ≫ Ios Version15.9(3)m3b

Cisco ≫ Ios Version15.9(3)m4

Cisco ≫ Ios Xe Version3.11.3ae

Cisco ≫ Ios Xe Version3.11.3e

Cisco ≫ Ios Xe Version3.11.4e

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.45%	0.623

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C
psirt@cisco.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-691 Insufficient Control Flow Management

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-20697

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20697

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20697

EUVD