cve-2022-20697
Vulnerability from cvelistv5
Published
2022-04-15 14:15
Modified
2024-11-06 16:27
Severity ?
EPSS score ?
Summary
Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:24:48.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220413 Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20697", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:01:46.034977Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:27:04.579Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-691", "description": "CWE-691", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-15T14:15:45", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220413 Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS" } ], "source": { "advisory": "cisco-sa-http-dos-svOdkdBS", "defect": [ [ "CSCvx42406" ] ], "discovery": "INTERNAL" }, "title": "Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-04-13T16:00:00", "ID": "CVE-2022-20697", "STATE": "PUBLIC", "TITLE": "Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IOS", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-691" } ] } ] }, "references": { "reference_data": [ { "name": "20220413 Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS" } ] }, "source": { "advisory": "cisco-sa-http-dos-svOdkdBS", "defect": [ [ "CSCvx42406" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20697", "datePublished": "2022-04-15T14:15:45.549909Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:27:04.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-20697\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2022-04-15T15:15:12.967\",\"lastModified\":\"2023-11-07T03:42:39.340\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de servicios web de Cisco IOS Software and Cisco IOS XE Software podr\u00eda permitir a un atacante remoto autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad es debido a una administraci\u00f3n inapropiada de los recursos en el c\u00f3digo del servidor HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un gran n\u00famero de peticiones HTTP a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar a el dispositivo recargarse, resultando en una condici\u00f3n de DoS\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-772\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-691\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svr1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"806D2FF1-EADA-44C8-94BD-6BC18D138150\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svr2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"643D7544-34DA-46D9-831F-421ED00F3579\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svr3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6354447-07DF-4913-82D9-BF249663499F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svs:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46EC35AA-4BD3-4FBB-878D-3313D37D9AAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svs1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAC36DC-F4C5-4C4C-9C27-20FD45AA4A85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svt1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66BD52DF-E396-415D-B46E-A8814579A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svt2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A7CF9A-E1A7-4C1B-9015-5BC577805D9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svt3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C17AB3-4EFC-478D-A447-43F444B4CDF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svu1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C9711B4-23FF-4C41-86F5-94D5E941453B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svu2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2710C44B-A353-4BCF-85E8-525AAF839A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svu10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE460A37-D782-4DB2-9F18-44D16C45618A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.1\\\\(3\\\\)svv1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2A5EA4A-A127-4363-90F7-B21E9A086C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.2\\\\(7\\\\)e3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F980EFA3-BB92-49D3-8D5F-2804BB44ABB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.2\\\\(7\\\\)e3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6935EBC4-3881-46F4-B608-8E6C9EF8E37C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.2\\\\(7\\\\)e3k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D6D0AA7-E879-4303-AB2D-4FEF3574B60E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.2\\\\(7\\\\)e4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"345C9300-CAC2-4427-A6B4-8DBC72573E00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.2\\\\(8\\\\)e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFF00927-80B0-4BE3-BF7C-E663A5E7763A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.2\\\\(234k\\\\)e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93681DCF-D5ED-4909-B41F-C7CB975DE282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.3\\\\(3\\\\)jk100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BF0C320-9055-4E71-808A-BF2B8E00B443\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.3\\\\(3\\\\)jpj8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B04C67-F67A-4B7D-9826-D16DC88BD8A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A1AF57E-79E9-40F2-817A-5E7D2760F1E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF9CEA3-054B-4469-A10F-DFCB9057E5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8313597-49A9-4918-B8D5-8E53C5C9AFAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31D6B0E4-92F1-42FD-92DA-887D3D38CEBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m3b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13C6DA27-2445-4850-B0EF-82EE8C01C0B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63BEFCC8-CC04-4C41-B31A-BF01E40FA1AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:3.11.3ae:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C1CA89-0FE4-4DC3-BB4B-299114E172AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:3.11.3e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F79BC92-0869-447C-AF34-3FBF42375D1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:3.11.4e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4615A652-96A3-4809-94C0-7B7BF607B519\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.