CVE-2022-20717

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:sd-wan_vedge_router:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vedge_router:20.7:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:citrix:sd-wan_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:citrix:sd-wan_110:-:*:*:*:*:*:*:*
cpe:2.3:h:citrix:sd-wan_1100:-:*:*:*:*:*:*:*
cpe:2.3:h:citrix:sd-wan_2000:-:*:*:*:*:*:*:*
cpe:2.3:h:citrix:sd-wan_210:-:*:*:*:*:*:*:*
cpe:2.3:h:citrix:sd-wan_2100:-:*:*:*:*:*:*:*
cpe:2.3:h:citrix:sd-wan_5100:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:43

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB - Vendor Advisory

Information

Published : 2022-04-15 15:15

Updated : 2024-11-21 06:43


NVD link : CVE-2022-20717

Mitre link : CVE-2022-20717

CVE.ORG link : CVE-2022-20717


JSON object : View

Products Affected

citrix

  • sd-wan_5100
  • sd-wan_110
  • sd-wan_210
  • sd-wan_2100
  • sd-wan_2000
  • sd-wan_1000
  • sd-wan_1100

cisco

  • sd-wan_vedge_router
  • 1100_integrated_services_router
CWE
CWE-789

Memory Allocation with Excessive Size Value

CWE-770

Allocation of Resources Without Limits or Throttling