CVE-2022-20717

CVE Database · CVE-2022-20717

CVE-2022-20717

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.19%

Published

Apr 15, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-789CWE-770

Affected Products (10)

cisco · sd-wan_vedge_routervulnerable

cisco · 1100_integrated_services_router

citrix · sd-wan_1000

citrix · sd-wan_110

citrix · sd-wan_1100

citrix · sd-wan_2000

citrix · sd-wan_210

citrix · sd-wan_2100

citrix · sd-wan_5100

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs