Lucene search

CiscoCVELIST:CVE-2022-20622

HistoryApr 15, 2022 - 2:17 p.m.

CVE-2022-20622 Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability

2022-04-1514:17:04

CWE-770

cisco

www.cve.org

cisco

wireless controller

denial of service

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload.

CNA Affected

[
  {
    "product": "Cisco Aironet Access Point Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ip-flood-dos-6hxxENVQ

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

Related for CVELIST:CVE-2022-20622