CVE-2022-20837

Summary

CVE	CVE-2022-20837
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-10-10 21:15:00 UTC
Updated	2023-11-07 03:43:00 UTC
Description	A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic.

Risk And Classification

Problem Types: CWE-754

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Asr 1000-esp100-x	-	All	All	All
Hardware	Cisco	Asr 1000-esp200-x	-	All	All	All
Hardware	Cisco	Catalyst 8500	-	All	All	All
Hardware	Cisco	Catalyst 8500-4qc	-	All	All	All
Operating System	Cisco	Ios Xe	-	All	All	All

References

Reference	Source	Link	Tags
20220928 Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability	CISCO	tools.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317235 Cisco Internetwork Operating System (IOS) XE Software Domain Name System (DNS) NAT Protocol Application Layer Gateway Denial of Service (DoS) Vulnerability (cisco-sa-alg-dos-KU9Z8kFX)