CVE-2022-20697
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/04/2022
Last modified:
07/11/2023
Description
A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios:15.1\(3\)svr1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svr2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svr3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svs:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svs1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svt1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svt2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svt3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svu1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svu2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svu10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.1\(3\)svv1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.2\(7\)e3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.2\(7\)e3a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.2\(7\)e3k:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page