CVE-2022-20717
Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD
Description
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.
Affected (2)
Products: Cisco: Sd Wan Vedge Router
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 20.6 |

| Running on/with | Platform Versions |
|---|---|
| Cisco 1100 Integrated Services Router | All versions |
| Citrix Sd Wan 1000 | All versions |
| Citrix Sd Wan 110 | All versions |
| Citrix Sd Wan 1100 | All versions |
| Citrix Sd Wan 2000 | All versions |
| Citrix Sd Wan 210 | All versions |
| Citrix Sd Wan 2100 | All versions |
| Citrix Sd Wan 5100 | All versions |
Related CWEs
CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
CWE-789
Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory