CVE-2023-20226
Severity: HIGH
Cisco IOS XE - Unauthenticated Denial of Service via Crafted Packet Stream
Title source: llm
Description
A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Scores
CVSS v3: 8.6
EPSS: 0.0018
EPSS Percentile: 38.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Details
CWE: CWE-456
Status: published
Products (11)
cisco/ios_xe 17.7.1
cisco/ios_xe 17.7.1a
cisco/ios_xe 17.7.2
cisco/ios_xe 17.8.1
cisco/ios_xe 17.8.1a
cisco/ios_xe 17.9.1
cisco/ios_xe 17.9.1a
cisco/ios_xe 17.9.2
cisco/ios_xe 17.9.2a
cisco/ios_xe 17.10.1
... and 1 more
Published: Sep 27, 2023
Tracked Since: Feb 18, 2026