17.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

CWE-754

NVD

Published: 2020-09-24

Updated: 2023-11-07

Summary

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XE 16.9.3 Cisco IOS XE 17.2	2
Hardware	Cisco Cisco 4221 Integrated Services Router - Cisco 4321 Integrated Services Router - Cisco 4331 Integrated Services Router - Cisco 4351 Integrated Services Router - Cisco 4431 Integrated Services Router - Cisco 4461 Integrated Services Router - Cisco ASR 1001 HX - Cisco ASR 1001 X - Cisco ASR 1002 HX - Cisco ASR 1002 X - Cisco ASR 1004 - Cisco ASR 1006 - Cisco ASR 1006 X - Cisco ASR 1009 X - Cisco ASR 1013 - Cisco 1100 Integrated Services Router - Cisco 1101 Integrated Services Router - Cisco 1109 Integrated Services Router - Cisco 1111X Integrated Services Router - Cisco 111X Integrated Services Router - Cisco 1120 Integrated Services Router - Cisco 1160 Integrated Services Router - Cisco CSR 1000V -	23

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G