Vulnerabilities > CVE-2022-20837 - Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XE

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

CWE-754

NVD

Published: 2022-10-10

Updated: 2023-11-07

Summary

A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XE -	1
Hardware	Cisco Cisco ASR 1000 Esp100 X - Cisco ASR 1000 Esp200 X - Cisco Catalyst 8500 - Cisco Catalyst 8500 4QC -	4

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX