CVE-2022-20697
Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
Severity Score
8.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Una vulnerabilidad en la interfaz de servicios web de Cisco IOS Software and Cisco IOS XE Software podría permitir a un atacante remoto autenticado causar una condición de denegación de servicio (DoS). Esta vulnerabilidad es debido a una administración inapropiada de los recursos en el código del servidor HTTP. Un atacante podría explotar esta vulnerabilidad mediante el envío de un gran número de peticiones HTTP a un dispositivo afectado. Una explotación con éxito podría permitir al atacante causar a el dispositivo recargarse, resultando en una condición de DoS
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-02 CVE Reserved
- 2022-04-15 CVE Published
- 2024-11-06 CVE Updated
- 2024-11-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-691: Insufficient Control Flow Management
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svr1 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svr1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svr2 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svr2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svr3 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svr3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svs Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svs" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svs1 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svs1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svt1 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svt1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svt2 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svt2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svt3 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svt3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svu1 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svu1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svu2 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svu2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svu10 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svu10" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svv1 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svv1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(7\)e3 Search vendor "Cisco" for product "Ios" and version "15.2\(7\)e3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(7\)e3a Search vendor "Cisco" for product "Ios" and version "15.2\(7\)e3a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(7\)e3k Search vendor "Cisco" for product "Ios" and version "15.2\(7\)e3k" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(7\)e4 Search vendor "Cisco" for product "Ios" and version "15.2\(7\)e4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(8\)e Search vendor "Cisco" for product "Ios" and version "15.2\(8\)e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(234k\)e Search vendor "Cisco" for product "Ios" and version "15.2\(234k\)e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jk100 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jk100" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jpj8 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jpj8" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.9\(3\)m2 Search vendor "Cisco" for product "Ios" and version "15.9\(3\)m2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.9\(3\)m2a Search vendor "Cisco" for product "Ios" and version "15.9\(3\)m2a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.9\(3\)m3 Search vendor "Cisco" for product "Ios" and version "15.9\(3\)m3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.9\(3\)m3a Search vendor "Cisco" for product "Ios" and version "15.9\(3\)m3a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.9\(3\)m3b Search vendor "Cisco" for product "Ios" and version "15.9\(3\)m3b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.9\(3\)m4 Search vendor "Cisco" for product "Ios" and version "15.9\(3\)m4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.11.3ae Search vendor "Cisco" for product "Ios Xe" and version "3.11.3ae" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.11.3e Search vendor "Cisco" for product "Ios Xe" and version "3.11.3e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.11.4e Search vendor "Cisco" for product "Ios Xe" and version "3.11.4e" | - |
Affected
| ||||||