ID

VAR-202204-1361


CVE

CVE-2022-20717


TITLE

Cisco SD-WAN vEdge Router  Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010982

DESCRIPTION

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. Cisco SD-WAN vEdge Router Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-20717 // JVNDB: JVNDB-2022-010982 // VULMON: CVE-2022-20717

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wan vedge routerscope:eqversion:20.7

Trust: 1.0

vendor:ciscomodel:sd-wan vedge routerscope:lteversion:20.6

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vedge routerscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vedge routerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010982 // NVD: CVE-2022-20717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20717
value: MEDIUM

Trust: 1.0

psirt@cisco.com: CVE-2022-20717
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20717
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-3359
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-20717
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20717
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

psirt@cisco.com: CVE-2022-20717
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2022-20717
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2022-20717 // CNNVD: CNNVD-202204-3359 // JVNDB: JVNDB-2022-010982 // NVD: CVE-2022-20717 // NVD: CVE-2022-20717

PROBLEMTYPE DATA

problemtype:CWE-789

Trust: 1.0

problemtype:CWE-770

Trust: 1.0

problemtype:Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-010982 // NVD: CVE-2022-20717

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3359

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3359

PATCH

title:cisco-sa-sdwan-vedge-dos-jerVm4bBurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB

Trust: 0.8

title:Cisco: Cisco SD-WAN vEdge Routers Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-vedge-dos-jerVm4bB

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20717 // JVNDB: JVNDB-2022-010982

EXTERNAL IDS

db:NVDid:CVE-2022-20717

Trust: 3.3

db:JVNDBid:JVNDB-2022-010982

Trust: 0.8

db:CS-HELPid:SB2022041505

Trust: 0.6

db:CNNVDid:CNNVD-202204-3359

Trust: 0.6

db:VULMONid:CVE-2022-20717

Trust: 0.1

sources: VULMON: CVE-2022-20717 // CNNVD: CNNVD-202204-3359 // JVNDB: JVNDB-2022-010982 // NVD: CVE-2022-20717

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vedge-dos-jervm4bb

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-20717

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022041505

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20717/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-memory-leak-via-netconf-38069

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULMON: CVE-2022-20717 // CNNVD: CNNVD-202204-3359 // JVNDB: JVNDB-2022-010982 // NVD: CVE-2022-20717

SOURCES

db:VULMONid:CVE-2022-20717
db:CNNVDid:CNNVD-202204-3359
db:JVNDBid:JVNDB-2022-010982
db:NVDid:CVE-2022-20717

LAST UPDATE DATE

2026-06-19T23:40:21.926000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-20717date:2023-05-22T00:00:00
db:CNNVDid:CNNVD-202204-3359date:2022-05-17T00:00:00
db:JVNDBid:JVNDB-2022-010982date:2023-08-18T05:14:00
db:NVDid:CVE-2022-20717date:2026-06-17T04:24:56.190

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-20717date:2022-04-15T00:00:00
db:CNNVDid:CNNVD-202204-3359date:2022-04-13T00:00:00
db:JVNDBid:JVNDB-2022-010982date:2023-08-18T00:00:00
db:NVDid:CVE-2022-20717date:2022-04-15T15:15:13.113