Lucene search

CiscoCVE-2023-20226

HistorySep 27, 2023 - 6:15 p.m.

CVE-2023-20226

2023-09-2718:15:11

CWE-456

cisco

web.nvd.nist.gov

cisco

ios xe software

vulnerability

appqoe

utd

dos

nvd

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

32.9%

JSON

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Affected configurations

Nvd

Vulners

Node

ciscoios_xeMatch17.7.1

ciscoios_xeMatch17.7.1a

ciscoios_xeMatch17.7.2

ciscoios_xeMatch17.8.1

ciscoios_xeMatch17.8.1a

ciscoios_xeMatch17.9.1

ciscoios_xeMatch17.9.1a

ciscoios_xeMatch17.9.2

ciscoios_xeMatch17.9.2a

ciscoios_xeMatch17.10.1

ciscoios_xeMatch17.10.1a

AND

ciscocatalyst_8000v_edgeMatch-

cisco1100-4g_integrated_services_routerMatch-

cisco1100-4gltegb_integrated_services_routerMatch-

cisco1100-4gltena_integrated_services_routerMatch-

cisco1100-6g_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4321\/k9-rf_integrated_services_routerMatch-

cisco4321\/k9-ws_integrated_services_routerMatch-

cisco4321\/k9_integrated_services_routerMatch-

cisco4321_integrated_services_routerMatch-

cisco4331\/k9-rf_integrated_services_routerMatch-

cisco4331\/k9-ws_integrated_services_routerMatch-

cisco4331\/k9_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4351\/k9-rf_integrated_services_routerMatch-

cisco4351\/k9-ws_integrated_services_routerMatch-

cisco4351\/k9_integrated_services_routerMatch-

cisco4351_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

ciscoc8200-1n-4tMatch-

ciscoc8200l-1n-4tMatch-

ciscoc8500l-8s4xMatch-

ciscocatalyst_8300-1n1s-4t2xMatch-

ciscocatalyst_8300-1n1s-6tMatch-

ciscocatalyst_8300-2n2s-4t2xMatch-

ciscocatalyst_8300-2n2s-6tMatch-

ciscocatalyst_ir8340Match-

VendorProductVersionCPE
ciscoios_xe17.7.1cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*
ciscoios_xe17.7.1acpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*
ciscoios_xe17.7.2cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*
ciscoios_xe17.8.1cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*
ciscoios_xe17.8.1acpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*
ciscoios_xe17.9.1cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*
ciscoios_xe17.9.1acpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*
ciscoios_xe17.9.2cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*
ciscoios_xe17.9.2acpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*
ciscoios_xe17.10.1cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	17.7.1	cpe:2.3:o:cisco:ios_xe:17.7.1:::::::*
cisco	ios_xe	17.7.1a	cpe:2.3:o:cisco:ios_xe:17.7.1a:::::::*
cisco	ios_xe	17.7.2	cpe:2.3:o:cisco:ios_xe:17.7.2:::::::*
cisco	ios_xe	17.8.1	cpe:2.3:o:cisco:ios_xe:17.8.1:::::::*
cisco	ios_xe	17.8.1a	cpe:2.3:o:cisco:ios_xe:17.8.1a:::::::*
cisco	ios_xe	17.9.1	cpe:2.3:o:cisco:ios_xe:17.9.1:::::::*
cisco	ios_xe	17.9.1a	cpe:2.3:o:cisco:ios_xe:17.9.1a:::::::*
cisco	ios_xe	17.9.2	cpe:2.3:o:cisco:ios_xe:17.9.2:::::::*
cisco	ios_xe	17.9.2a	cpe:2.3:o:cisco:ios_xe:17.9.2a:::::::*
cisco	ios_xe	17.10.1	cpe:2.3:o:cisco:ios_xe:17.10.1:::::::*

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IOS XE Software",
    "versions": [
      {
        "version": "17.7.1",
        "status": "affected"
      },
      {
        "version": "17.7.1a",
        "status": "affected"
      },
      {
        "version": "17.7.2",
        "status": "affected"
      },
      {
        "version": "17.10.1",
        "status": "affected"
      },
      {
        "version": "17.10.1a",
        "status": "affected"
      },
      {
        "version": "17.8.1",
        "status": "affected"
      },
      {
        "version": "17.8.1a",
        "status": "affected"
      },
      {
        "version": "17.9.1",
        "status": "affected"
      },
      {
        "version": "17.9.2",
        "status": "affected"
      },
      {
        "version": "17.9.1a",
        "status": "affected"
      },
      {
        "version": "17.9.2a",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

32.9%

JSON

Related for CVE-2023-20226