Symptom
This product includes Third-party Software that is affected by the
vulnerabilities identified by the following Common Vulnerability and
Exposures (CVE) IDs:
CVE-2022-23302 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
After analysis, Cisco has decided against performing additional actions on this product due to one of the
following reasons:
- The product is no longer maintained, having reached End of Software Maintenance.
- The product is still being maintained, but a business decision was made not to upgrade the vulnerable product.
- The product uses the affected third-party component in such a way as to not be affected by these vulnerabilities.
Conditions
Device with default configuration.
Workaround
Not available or not applicable.
Further Problem Description
Additional details about the vulnerabilities listed above can be found
at http://cve.mitre.org/cve/cve.html.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 3.1 score.
The Base CVSS score as of the time of evaluation is: 8.8
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE ID CVE-2022-23302 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
