CVE-2023-20226

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Published: Sep 27, 2023
Updated: Oct 7, 2023
CVE: CVE-2023-20226
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	17.7.1	17.7.1.x
cisco / ios_xe	17.7.1a	17.7.1a.x
cisco / ios_xe	17.7.2	17.7.2.x
cisco / ios_xe	17.8.1	17.8.1.x
cisco / ios_xe	17.8.1a	17.8.1a.x
cisco / ios_xe	17.9.1	17.9.1.x
cisco / ios_xe	17.9.1a	17.9.1a.x
cisco / ios_xe	17.9.2	17.9.2.x
cisco / ios_xe	17.9.2a	17.9.2a.x
cisco / ios_xe	17.10.1	17.10.1.x
cisco / ios_xe	17.10.1a	17.10.1a.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y

Vulnerability Database

289,599

CVE-2023-20226