Lucene search

CiscoCVE-2022-20683

HistoryApr 15, 2022 - 3:15 p.m.

CVE-2022-20683

2022-04-1515:15:12

CWE-787

CWE-124

cisco

web.nvd.nist.gov

cve-2022-20683

cisco

catalyst 9800 series

wireless controllers

avc-fnf

dos

denial of service

vulnerability

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition.

Affected configurations

Nvd

Node

ciscoios_xeMatch3.15.1xbs

ciscoios_xeMatch3.15.2xbs

ciscoios_xeMatch16.7.2

ciscoios_xeMatch16.7.3

ciscoios_xeMatch16.7.4

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1a

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

ciscoios_xeMatch16.8.1d

ciscoios_xeMatch16.8.1e

ciscoios_xeMatch16.8.1s

ciscoios_xeMatch16.8.2

ciscoios_xeMatch16.8.3

ciscoios_xeMatch16.9.1

ciscoios_xeMatch16.9.1a

ciscoios_xeMatch16.9.1b

ciscoios_xeMatch16.9.1c

ciscoios_xeMatch16.9.1d

ciscoios_xeMatch16.9.1s

ciscoios_xeMatch16.9.2

ciscoios_xeMatch16.9.2a

ciscoios_xeMatch16.9.2s

ciscoios_xeMatch16.9.3

ciscoios_xeMatch16.9.3a

ciscoios_xeMatch16.9.3h

ciscoios_xeMatch16.9.3s

ciscoios_xeMatch16.9.4

ciscoios_xeMatch16.9.4c

ciscoios_xeMatch16.9.5

ciscoios_xeMatch16.9.5f

ciscoios_xeMatch16.9.6

ciscoios_xeMatch16.9.7

ciscoios_xeMatch16.9.8

ciscoios_xeMatch16.10.1

ciscoios_xeMatch16.10.1a

ciscoios_xeMatch16.10.1b

ciscoios_xeMatch16.10.1c

ciscoios_xeMatch16.10.1d

ciscoios_xeMatch16.10.1e

ciscoios_xeMatch16.10.1f

ciscoios_xeMatch16.10.1g

ciscoios_xeMatch16.10.1s

ciscoios_xeMatch16.10.2

ciscoios_xeMatch16.10.3

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.11.1a

ciscoios_xeMatch16.11.1b

ciscoios_xeMatch16.11.1c

ciscoios_xeMatch16.11.1s

ciscoios_xeMatch16.11.2

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1a

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

ciscoios_xeMatch16.12.1t

ciscoios_xeMatch16.12.1w

ciscoios_xeMatch16.12.1x

ciscoios_xeMatch16.12.1y

ciscoios_xeMatch16.12.1z

ciscoios_xeMatch16.12.1z1

ciscoios_xeMatch16.12.1z2

ciscoios_xeMatch16.12.2

ciscoios_xeMatch16.12.2a

ciscoios_xeMatch16.12.2s

ciscoios_xeMatch16.12.2t

ciscoios_xeMatch16.12.3

ciscoios_xeMatch16.12.3a

ciscoios_xeMatch16.12.3s

ciscoios_xeMatch16.12.4

ciscoios_xeMatch16.12.4a

ciscoios_xeMatch16.12.5

ciscoios_xeMatch16.12.5a

ciscoios_xeMatch16.12.5b

ciscoios_xeMatch16.12.6

ciscoios_xeMatch16.12.6a

ciscoios_xeMatch17.1.1

ciscoios_xeMatch17.1.1a

ciscoios_xeMatch17.1.1s

ciscoios_xeMatch17.1.1t

ciscoios_xeMatch17.1.2

ciscoios_xeMatch17.1.3

ciscoios_xeMatch17.2.1

ciscoios_xeMatch17.2.1a

ciscoios_xeMatch17.2.1r

ciscoios_xeMatch17.2.1v

ciscoios_xeMatch17.2.2

ciscoios_xeMatch17.2.3

ciscoios_xeMatch17.3.1

ciscoios_xeMatch17.3.1a

ciscoios_xeMatch17.3.1w

ciscoios_xeMatch17.3.1x

ciscoios_xeMatch17.3.1z

ciscoios_xeMatch17.3.2

ciscoios_xeMatch17.3.2a

ciscoios_xeMatch17.4.1

ciscoios_xeMatch17.4.1a

ciscoios_xeMatch17.4.1b

ciscoios_xeMatch17.4.1c

ciscoios_xeMatch17.4.2

ciscoios_xeMatch17.4.2a

VendorProductVersionCPE
ciscoios_xe3.15.1xbscpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*
ciscoios_xe3.15.2xbscpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:*
ciscoios_xe16.7.2cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*
ciscoios_xe16.7.3cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*
ciscoios_xe16.7.4cpe:2.3:o:cisco:ios_xe:16.7.4:*:*:*:*:*:*:*
ciscoios_xe16.8.1cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*
ciscoios_xe16.8.1acpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*
ciscoios_xe16.8.1bcpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*
ciscoios_xe16.8.1ccpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*
ciscoios_xe16.8.1dcpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.15.1xbs	cpe:2.3:o:cisco:ios_xe:3.15.1xbs:::::::*
cisco	ios_xe	3.15.2xbs	cpe:2.3:o:cisco:ios_xe:3.15.2xbs:::::::*
cisco	ios_xe	16.7.2	cpe:2.3:o:cisco:ios_xe:16.7.2:::::::*
cisco	ios_xe	16.7.3	cpe:2.3:o:cisco:ios_xe:16.7.3:::::::*
cisco	ios_xe	16.7.4	cpe:2.3:o:cisco:ios_xe:16.7.4:::::::*
cisco	ios_xe	16.8.1	cpe:2.3:o:cisco:ios_xe:16.8.1:::::::*
cisco	ios_xe	16.8.1a	cpe:2.3:o:cisco:ios_xe:16.8.1a:::::::*
cisco	ios_xe	16.8.1b	cpe:2.3:o:cisco:ios_xe:16.8.1b:::::::*
cisco	ios_xe	16.8.1c	cpe:2.3:o:cisco:ios_xe:16.8.1c:::::::*
cisco	ios_xe	16.8.1d	cpe:2.3:o:cisco:ios_xe:16.8.1d:::::::*

Rows per page:

1-10 of 1011

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-fnf-dos-bOL5vLge

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

Related for CVE-2022-20683