CVE-2022-20678
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
| Assigner | cisco |
| Reserved | 2021-11-02 |
| Published | 2022-04-15 |
| Updated | 2024-11-06 |
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload.
| CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appnav-xe-dos-j5MXTR4 (20220413 Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability)
