1. Home
  2. CVE Database
  3. CVE-2023-20226
HIGH · 8.6

CVE-2023-20226

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to r...

Vulnerability Description

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoIos Xe17.7.1
CiscoCatalyst 8000V Edge-
Cisco1100-4G Integrated Services Router-
Cisco1100-4Gltegb Integrated Services Router-
Cisco1100-4Gltena Integrated Services Router-
Cisco1100-6G Integrated Services Router-
Cisco4221 Integrated Services Router-
Cisco4321\/K9-Rf Integrated Services Router-
Cisco4321\/K9-Ws Integrated Services Router-
Cisco4321\/K9 Integrated Services Router-
Cisco4321 Integrated Services Router-
Cisco4331\/K9-Rf Integrated Services Router-
Cisco4331\/K9-Ws Integrated Services Router-
Cisco4331\/K9 Integrated Services Router-
Cisco4331 Integrated Services Router-
Cisco4351\/K9-Rf Integrated Services Router-
Cisco4351\/K9-Ws Integrated Services Router-
Cisco4351\/K9 Integrated Services Router-
Cisco4351 Integrated Services Router-
Cisco4431 Integrated Services Router-

Related Weaknesses (CWE)

CWE-456

References

FAQ

What is CVE-2023-20226?

CVE-2023-20226 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to r...

How severe is CVE-2023-20226?

CVE-2023-20226 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20226?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Catalyst 8000V Edge, Cisco 1100-4G Integrated Services Router, Cisco 1100-4Gltegb Integrated Services Router, Cisco 1100-4Gltena Integrated Services Router.