CVE-2022-20697 The web services interface of Cisco IOS and IOS XE could be used to cause a DoS condition.

To exploit this vulnerability, an attacker would need access to a targeted device with an affected web server running on the device. These devices could be either directly connected to the Internet or be connected to a device that is directly connected to the Internet. Cisco IOS Software and Cisco IOS XE Software running on the targeted device would need to be running a vulnerable version. The following Cisco products are running a vulnerable version and are vulnerable to this attack:
Cisco IOS XE on switches running any release of Cisco IOS XE Software
Cisco IOS XR on virtual routers running any release of Cisco IOS XE Software
Cisco IOS XE on virtual routers running any release of Cisco IOS XE Software
Cisco Catalyst 6500 series Switches
Cisco 7600 series Routers
Cisco 79XX series Routers
Cisco Catalyst 4500 series Switches
Cisco 5500 series Switches
Cisco 7500 series Routers
Cisco 7XXX series Routers
Cisco 8XXX series Routers
Cisco 9XXX series Routers

Vulnerable code example

The following code example shows the vulnerable function in the web server.

Vulnerable code:

There is no known workaround or fix at this time. If you have configured TCP/IP services, you should also take appropriate action.
