CVE-2022-20769

Published Sep 30, 2022

Last updated a year ago

CVSS medium 6.5

Overview

Description: A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-787
ykramarz@cisco.com: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A1148C0-C1D4-4118-8BFC-20888792C1A5",
            "versionEndExcluding": "8.10.171.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:virtual_wireless_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6BF3FF9-F50A-43F7-8BFC-A583839CF068"
          },
          {
            "criteria": "cpe:2.3:h:cisco:2504_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF2B56FF-7F15-4926-A570-472BC675306F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:3504_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "744DD1C4-DE18-486E-8F1F-C68CC000245A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:5508_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9FD7B8F-475B-4DAD-9873-4732FADA5230"
          },
          {
            "criteria": "cpe:2.3:h:cisco:5520_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE05E91A-E339-4BFC-A126-653113BD1D48"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8540_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "340E1032-ED1A-40D2-BC97-7AAE8EC1AA76"
          },
          {
            "criteria": "cpe:2.3:h:cisco:flex_7510:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FAE08D4-C800-4531-BE0A-FF285F657BF5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References