1. Home
  2. CVE Database
  3. CVE-2022-20678
HIGH · 8.6

CVE-2022-20678

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) conditio...

Vulnerability Description

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoIos Xe16.9.6
CiscoCatalyst 8000V Edge-
CiscoCloud Services Router 1000V-
Cisco1100-4G Integrated Services Router-
Cisco1100-6G Integrated Services Router-
Cisco1101 Integrated Services Router-
Cisco1109 Integrated Services Router-
Cisco1111X Integrated Services Router-
Cisco111X Integrated Services Router-
Cisco1120 Integrated Services Router-
Cisco1131 Integrated Services Router-
Cisco1160 Integrated Services Router-
Cisco4221 Integrated Services Router-
Cisco4331 Integrated Services Router-
Cisco4431 Integrated Services Router-
Cisco4461 Integrated Services Router-
CiscoAsr 1001-X-
CiscoAsr 1002-X-
CiscoCatalyst 8300-1N1S-4T2X-
CiscoCatalyst 8300-1N1S-6T-

Related Weaknesses (CWE)

CWE-413CWE-755

References

FAQ

What is CVE-2022-20678?

CVE-2022-20678 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) conditio...

How severe is CVE-2022-20678?

CVE-2022-20678 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-20678?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Catalyst 8000V Edge, Cisco Cloud Services Router 1000V, Cisco 1100-4G Integrated Services Router, Cisco 1100-6G Integrated Services Router.