#VU81288 Input validation error in Cisco Systems, Inc products - CVE-2023-20226
Published: September 29, 2023
Vulnerability identifier: #VU81288
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-20226
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
4200 Series Integrated Services Routers
4300 Series Integrated Services Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Series Edge Platforms
ISR1100 Series Routers
Catalyst IR8300 Rugged Series Router
Cisco IOS XE
4200 Series Integrated Services Routers
4300 Series Integrated Services Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Series Edge Platforms
ISR1100 Series Routers
Catalyst IR8300 Rugged Series Router
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD). A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.