VDB

CVE-2022-20697

CVE-2022-20697 PUBLISHED CVSS 8.600000381469727 HIGH

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

EPSS 0.45% · 63.9th percentile

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.45%
63.9th percentile

Affected Products

VendorProductVersions
ciscoios*, *, *
CiscoCisco IOS*
ciscoios_xe3.11.3e, 3.11.4e, 3.11.3ae

Exploit Intelligence

Timeline

  • Apr 13, 2022 CVE Published
  • Apr 16, 2022 EPSS Score
  • Jun 5, 2022 EPSS Score
  • Jul 26, 2022 EPSS Score
  • Sep 14, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 23, 2023 EPSS Score
  • Jul 12, 2023 EPSS Score
  • Aug 31, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›