
CVE-2022-20837

nvd nist
Published: Oct 10, 2022
Modified: Nov 21, 2024

CVSS score: 8.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic.

Affected (1)

Products: Cisco: Ios Xe (1 product)

Ios Xe, Configuration A (1 vulnerable, 4 platform)

Vulnerable Software: Affected Versions
Cisco Ios Xe: All versions

Running on/with: Platform Versions
Cisco Asr 1000 Esp100 X: All versions
Cisco Asr 1000 Esp200 X: All versions
Cisco Catalyst 8500: All versions
Cisco Catalyst 8500 4qc: All versions
