History: Sep 30, 2022 - 7:15 p.m.

CVE-2022-20728

2022-09-30 19:15:10
CWE-284
cisco
web.nvd.nist.gov
Tags: vulnerability, cisco, access points, aps, adjacent attacker, vlan, logic error, wireless client, exploit, bypass, layer 3, nvd

CVSS3: 4.7
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score: 4.9
Confidence: High
EPSS: 0.001
Percentile: 18.0%

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.

Affected configurations

Nvd
Node: cisco aironet_1542d (Match -) AND cisco aironet_1542d_firmware (Match 017.006\(001\))
Node: cisco aironet_1542i (Match -) AND cisco aironet_1542i_firmware (Match 017.006\(001\))
Node: cisco aironet_1562i (Match -) AND cisco aironet_1562i_firmware (Match 017.006\(001\))
Node: cisco aironet_1562e (Match -) AND cisco aironet_1562e_firmware (Match 017.006\(001\))
Node: cisco aironet_1562d (Match -) AND cisco aironet_1562d_firmware (Match 017.006\(001\))
Node: cisco aironet_1815i (Match -) AND cisco aironet_1815i_firmware (Match 017.006\(001\))
Node: cisco aironet_1815m (Match -) AND cisco aironet_1815m_firmware (Match 017.006\(001\))
Node: cisco aironet_1815t (Match -) AND cisco aironet_1815t_firmware (Match 017.006\(001\))
Node: cisco aironet_1815w_firmware (Match 017.006\(001\)) AND cisco aironet_1815w (Match -)
Node: cisco aironet_1830_firmware (Match 017.006\(001\)) AND cisco aironet_1830 (Match -)
Node: cisco aironet_1840_firmware (Match 017.006\(001\)) AND cisco aironet_1840 (Match -)
Node: cisco aironet_1850e_firmware (Match 017.006\(001\)) AND cisco aironet_1850e (Match -)
Node: cisco aironet_1850i_firmware (Match 017.006\(001\)) AND cisco aironet_1850i (Match -)
Node: cisco aironet_2800i_firmware (Match 017.006\(001\)) AND cisco aironet_2800i (Match -)
Node: cisco aironet_2800e_firmware (Match 017.006\(001\)) AND cisco aironet_2800e (Match -)
Node: cisco aironet_3800i_firmware (Match 017.006\(001\)) AND cisco aironet_3800i (Match -)
Node: cisco aironet_3800e_firmware (Match 017.006\(001\)) AND cisco aironet_3800e (Match -)
Node: cisco aironet_3800p_firmware (Match 017.006\(001\)) AND cisco aironet_3800p (Match -)
Node: cisco aironet_4800_firmware (Match 017.006\(001\)) AND cisco aironet_4800 (Match -)
Node: cisco catalyst_9105ax_firmware (Match 017.006\(001\)) AND cisco catalyst_9105ax (Match -)
Node: cisco catalyst_9115ax_firmware (Match 017.006\(001\)) AND cisco catalyst_9115ax (Match -)
Node: cisco catalyst_9117ax_firmware (Match 017.006\(001\)) AND cisco catalyst_9117ax (Match -)
Node: cisco catalyst_9120ax_firmware (Match 017.006\(001\)) AND cisco catalyst_9120ax (Match -)
Node: cisco catalyst_9124ax_firmware (Match 017.006\(001\)) AND cisco catalyst_9124ax (Match -)
Node: cisco catalyst_9130ax_firmware (Match 017.006\(001\)) AND cisco catalyst_9130ax (Match -)
Node: cisco catalyst_iw6300_firmware (Match 017.006\(001\)) AND cisco catalyst_iw6300 (Match -)

| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | aironet_1542d | - | cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:* |
| cisco | aironet_1542d_firmware | 017.006(001) | cpe:2.3:o:cisco:aironet_1542d_firmware:017.006\(001\):*:*:*:*:*:*:* |
| cisco | aironet_1542i | - | cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:* |
| cisco | aironet_1542i_firmware | 017.006(001) | cpe:2.3:o:cisco:aironet_1542i_firmware:017.006\(001\):*:*:*:*:*:*:* |
| cisco | aironet_1562i | - | cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:* |
| cisco | aironet_1562i_firmware | 017.006(001) | cpe:2.3:o:cisco:aironet_1562i_firmware:017.006\(001\):*:*:*:*:*:*:* |
| cisco | aironet_1562e | - | cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:* |
| cisco | aironet_1562e_firmware | 017.006(001) | cpe:2.3:o:cisco:aironet_1562e_firmware:017.006\(001\):*:*:*:*:*:*:* |
| cisco | aironet_1562d | - | cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:* |
| cisco | aironet_1562d_firmware | 017.006(001) | cpe:2.3:o:cisco:aironet_1562d_firmware:017.006\(001\):*:*:*:*:*:*:* |

CNA Affected

[
  {
    "product": "Cisco Aironet Access Point Software (IOS XE Controller)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
