Vulnerability Description
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Sd-Wan Vedge Router | <= 20.6 |
| Cisco | 1100 Integrated Services Router | - |
| Citrix | Sd-Wan 1000 | - |
| Citrix | Sd-Wan 110 | - |
| Citrix | Sd-Wan 1100 | - |
| Citrix | Sd-Wan 2000 | - |
| Citrix | Sd-Wan 210 | - |
| Citrix | Sd-Wan 2100 | - |
| Citrix | Sd-Wan 5100 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
FAQ
What is CVE-2022-20717?
CVE-2022-20717 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (Do...
How severe is CVE-2022-20717?
CVE-2022-20717 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20717?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sd-Wan Vedge Router, Cisco 1100 Integrated Services Router, Citrix Sd-Wan 1000, Citrix Sd-Wan 110, Citrix Sd-Wan 1100.