#VU62338 Input validation error in Cisco Systems, Inc products - CVE-2022-20679
Published: April 14, 2022
Vulnerability identifier: #VU62338
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20679
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Cisco 1000 Series Integrated Services Routers
4221 Integrated Services Routers
4321 Integrated Services Routers
4331 Integrated Services Routers
4351 Integrated Services Routers
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the IPSec decryption routine. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from the vendor's website.