Vulnerability-Lookup

BDU:2023-06301

Vulnerability from fstec - Published: 27.09.2023

Title

Уязвимость компонентов Application Quality of Experience (AppQoE) и Unified Threat Defense (UTD) операционной системы Cisco IOS XE, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонентов Application Quality of Experience (AppQoE) и Unified Threat Defense (UTD) операционной системы Cisco IOS XE связана с некорректной зачисткой или освобождением ресурсов. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS XE

Software Version

17.7.1 (Cisco IOS XE), 17.7.1a (Cisco IOS XE), 17.7.2 (Cisco IOS XE), 17.10 (Cisco IOS XE), 17.10.1 (Cisco IOS XE), 17.10.1a (Cisco IOS XE), 17.8 (Cisco IOS XE), 17.8.1 (Cisco IOS XE), 17.8.1a (Cisco IOS XE), 17.9 (Cisco IOS XE), 17.9.1 (Cisco IOS XE), 17.9.2 (Cisco IOS XE), 17.9.1a (Cisco IOS XE), 17.9.2a (Cisco IOS XE), 17.7 (Cisco IOS XE)

Possible Mitigations

Использование рекомендаций производителя: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y https://vuldb.com/?id.240712

CWE

CWE-404

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "17.7.1 (Cisco IOS XE), 17.7.1a (Cisco IOS XE), 17.7.2 (Cisco IOS XE), 17.10 (Cisco IOS XE), 17.10.1 (Cisco IOS XE), 17.10.1a (Cisco IOS XE), 17.8 (Cisco IOS XE), 17.8.1 (Cisco IOS XE), 17.8.1a (Cisco IOS XE), 17.9 (Cisco IOS XE), 17.9.1 (Cisco IOS XE), 17.9.2 (Cisco IOS XE), 17.9.1a (Cisco IOS XE), 17.9.2a (Cisco IOS XE), 17.7 (Cisco IOS XE)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.10.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.10.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06301",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-20226",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS XE",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS XE 17.7.1 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.7.1a Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.7.2 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.10 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.10.1 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.10.1a Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.8 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.8.1 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.8.1a Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9.1 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9.2 Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9.1a Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9.2a Cisco 4300 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.7 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.7.1 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.7.1a Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.7.2 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.10 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.10.1 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.10.1a Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.8 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.8.1 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.8.1a Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9.1 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9.2 Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9.1a Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.9.2a Cisco 4200 Integrated Services Routers, Cisco Systems Inc. Cisco IOS XE 17.10 Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.10.1 Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.10.1a Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.8 Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.8.1 Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.8.1a Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.9 Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.9.1 Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.9.2 Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.9.1a Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.9.2a Catalyst 8000V Edge, Cisco Systems Inc. Cisco IOS XE 17.10 Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.10.1 Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.10.1a Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.8 Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.8.1a Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9 Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9.1 Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9.2 Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9.1a Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9.2a Catalyst 8200 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.10 Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.10.1 Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.10.1a Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.8 Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.8.1 Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.8.1a Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9.1 Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9 Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9.2 Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9.1a Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.9.2a Catalyst 8300 Series Edge, Cisco Systems Inc. Cisco IOS XE 17.10 Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.10.1 Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.10.1a Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.8 Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.8.1 Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.8.1a Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.9 Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.9.1 Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.9.2 Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.9.1a Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.9.2a Catalyst 8500L Series, Cisco Systems Inc. Cisco IOS XE 17.10 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.10.1 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.10.1a 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.8.1 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.8 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.8.1a 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.9 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.9.1 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.9.2 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.9.1a 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.9.2a 1100 Series ISRs, Cisco Systems Inc. Cisco IOS XE 17.10 Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.10.1 Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.10.1a Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.8 Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.8.1 Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.8.1a Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.9 Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.9.1 Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.9.2 Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.9.1a Catalyst IR8300 Rugged Series Routers, Cisco Systems Inc. Cisco IOS XE 17.9.2a Catalyst IR8300 Rugged Series Routers",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 Application Quality of Experience (AppQoE) \u0438 Unified Threat Defense (UTD) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 Application Quality of Experience (AppQoE) \u0438 Unified Threat Defense (UTD) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y\nhttps://vuldb.com/?id.240712",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-404",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}

CVE-2023-20226 (GCVE-0-2023-20226)

Vulnerability from cvelistv5 – Published: 2023-09-27 17:21 – Updated: 2024-08-02 09:05

Summary

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-456 - Missing Initialization of a Variable

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software	Affected: 17.7.1 Affected: 17.7.1a Affected: 17.7.2 Affected: 17.10.1 Affected: 17.10.1a Affected: 17.8.1 Affected: 17.8.1a Affected: 17.9.1 Affected: 17.9.2 Affected: 17.9.1a Affected: 17.9.2a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:35.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-appqoe-utd-dos-p8O57p5y",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1a"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.1a"
            },
            {
              "status": "affected",
              "version": "17.9.2a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-456",
              "description": "Missing Initialization of a Variable",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:58:24.979Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-appqoe-utd-dos-p8O57p5y",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y"
        }
      ],
      "source": {
        "advisory": "cisco-sa-appqoe-utd-dos-p8O57p5y",
        "defects": [
          "CSCwd67335"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20226",
    "datePublished": "2023-09-27T17:21:10.910Z",
    "dateReserved": "2022-10-27T18:47:50.368Z",
    "dateUpdated": "2024-08-02T09:05:35.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2023-06301

CVE-2023-20226 (GCVE-0-2023-20226)

Tags

Sightings

Nomenclature