CVE-2022-20697

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Published: Apr 15, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-20697
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

CWEs:

CWE-772

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	3.11.3e	3.11.3e.x
cisco / ios	15.1(3)svs	15.1(3)svs.x
cisco / ios	15.1(3)svr1	15.1(3)svr1.x
cisco / ios_xe	3.11.3ae	3.11.3ae.x
cisco / ios	15.9(3)m2a	15.9(3)m2a.x
cisco / ios	15.1(3)svr2	15.1(3)svr2.x
cisco / ios	15.1(3)svr3	15.1(3)svr3.x
cisco / ios	15.1(3)svs1	15.1(3)svs1.x
cisco / ios	15.9(3)m2	15.9(3)m2.x
cisco / ios	15.2(7)e3	15.2(7)e3.x
cisco / ios	15.2(7)e3k	15.2(7)e3k.x
cisco / ios	15.1(3)svt1	15.1(3)svt1.x
cisco / ios	15.9(3)m3	15.9(3)m3.x
cisco / ios	15.1(3)svu1	15.1(3)svu1.x
cisco / ios	15.2(8)e	15.2(8)e.x
cisco / ios	15.1(3)svt2	15.1(3)svt2.x
cisco / ios	15.9(3)m3b	15.9(3)m3b.x
cisco / ios_xe	3.11.4e	3.11.4e.x
cisco / ios	15.9(3)m3a	15.9(3)m3a.x
cisco / ios	15.2(7)e4	15.2(7)e4.x
cisco / ios	15.2(234k)e	15.2(234k)e.x
cisco / ios	15.3(3)jk100	15.3(3)jk100.x
cisco / ios	15.2(7)e3a	15.2(7)e3a.x
cisco / ios	15.1(3)svu10	15.1(3)svu10.x
cisco / ios	15.9(3)m4	15.9(3)m4.x
cisco / ios	15.3(3)jpj8	15.3(3)jpj8.x
cisco / ios	15.1(3)svv1	15.1(3)svv1.x
cisco / ios	15.1(3)svt3	15.1(3)svt3.x
cisco / ios	15.1(3)svu2	15.1(3)svu2.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS

Vulnerability Database

289,599

CVE-2022-20697