5.5
CVE-2022-20717
- EPSS 0.06%
- Published 15.04.2022 15:15:13
- Last modified 21.11.2024 06:43:24
- Source psirt@cisco.com
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Sd-wan Vedge Router Version <= 20.6
Cisco ≫ 1100 Integrated Services Router Version -
Citrix ≫ Sd-wan 1000 Version -
Citrix ≫ Sd-wan 110 Version -
Citrix ≫ Sd-wan 1100 Version -
Citrix ≫ Sd-wan 2000 Version -
Citrix ≫ Sd-wan 210 Version -
Citrix ≫ Sd-wan 2100 Version -
Citrix ≫ Sd-wan 5100 Version -
Cisco ≫ Sd-wan Vedge Router Version 20.7
Cisco ≫ 1100 Integrated Services Router Version -
Citrix ≫ Sd-wan 1000 Version -
Citrix ≫ Sd-wan 110 Version -
Citrix ≫ Sd-wan 1100 Version -
Citrix ≫ Sd-wan 2000 Version -
Citrix ≫ Sd-wan 210 Version -
Citrix ≫ Sd-wan 2100 Version -
Citrix ≫ Sd-wan 5100 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.06% | 0.182 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 4.9 | 3.9 | 6.9 | AV:L/AC:L/Au:N/C:N/I:N/A:C |
psirt@cisco.com | 5.5 | 1.8 | 3.6 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.