Details of VAR-202204-0640

ID

VAR-202204-0640

CVE

CVE-2022-20622

TITLE

Catalyst Access Points Software Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009564

DESCRIPTION

A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload. Catalyst Access Points Software Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Cisco Embedded Wireless Controller is a wireless access device of Cisco (Cisco) in the United States

Trust: 2.34

sources: NVD: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNVD: CNVD-2022-46478 // VULHUB: VHN-405175 // VULMON: CVE-2022-20622

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-46478

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point software	scope:	lt	version:	17.3.4	Trust: 1.0
vendor:	cisco	model:	aironet access point software	scope:	gte	version:	17.3	Trust: 1.0
vendor:	cisco	model:	aironet access point software	scope:	lt	version:	17.6.1	Trust: 1.0
vendor:	cisco	model:	aironet access point software	scope:	gte	version:	17.4	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco aironet アクセスポイントソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet アクセスポイントソフトウェア	scope:	eq	version:	cisco aironet access point software	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet アクセスポイントソフトウェア	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	embedded wireless controller	scope:	eq	version:	17.3	Trust: 0.6
vendor:	cisco	model:	embedded wireless controller	scope:	eq	version:	17.4	Trust: 0.6
vendor:	cisco	model:	embedded wireless controller	scope:	eq	version:	17.5	Trust: 0.6
vendor:	cisco	model:	embedded wireless controller	scope:	eq	version:	17.6	Trust: 0.6

sources: CNVD: CNVD-2022-46478 // JVNDB: JVNDB-2022-009564 // NVD: CVE-2022-20622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20622
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20622
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-20622
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-46478
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202204-3461
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405175
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20622
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20622
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-46478
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-405175
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20622
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20622
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20622
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-46478 // VULHUB: VHN-405175 // VULMON: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNNVD: CNNVD-202204-3461 // NVD: CVE-2022-20622 // NVD: CVE-2022-20622

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.1
problemtype:	Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405175 // JVNDB: JVNDB-2022-009564 // NVD: CVE-2022-20622

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3461

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3461

PATCH

title:	cisco-sa-ap-ip-flood-dos-6hxxENVQ	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ip-flood-dos-6hxxENVQ	Trust: 0.8
title:	Patch for Cisco Embedded Wireless Controller Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/336686	Trust: 0.6
title:	Cisco Embedded Wireless Controller Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189518	Trust: 0.6
title:	Cisco: Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ap-ip-flood-dos-6hxxENVQ	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: CNVD: CNVD-2022-46478 // VULMON: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNNVD: CNNVD-202204-3461

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20622	Trust: 4.0
db:	JVNDB	id:	JVNDB-2022-009564	Trust: 0.8
db:	CNVD	id:	CNVD-2022-46478	Trust: 0.7
db:	CS-HELP	id:	SB2022041510	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3461	Trust: 0.6
db:	VULHUB	id:	VHN-405175	Trust: 0.1
db:	VULMON	id:	CVE-2022-20622	Trust: 0.1

sources: CNVD: CNVD-2022-46478 // VULHUB: VHN-405175 // VULMON: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNNVD: CNNVD-202204-3461 // NVD: CVE-2022-20622

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ap-ip-flood-dos-6hxxenvq	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20622	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20622/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041510	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/770.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: CNVD: CNVD-2022-46478 // VULHUB: VHN-405175 // VULMON: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNNVD: CNNVD-202204-3461 // NVD: CVE-2022-20622

SOURCES

db:	CNVD	id:	CNVD-2022-46478
db:	VULHUB	id:	VHN-405175
db:	VULMON	id:	CVE-2022-20622
db:	JVNDB	id:	JVNDB-2022-009564
db:	CNNVD	id:	CNNVD-202204-3461
db:	NVD	id:	CVE-2022-20622

LAST UPDATE DATE

2024-08-14T14:49:52.280000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-46478	date:	2022-06-21T00:00:00
db:	VULHUB	id:	VHN-405175	date:	2022-04-25T00:00:00
db:	VULMON	id:	CVE-2022-20622	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009564	date:	2023-08-07T07:31:00
db:	CNNVD	id:	CNNVD-202204-3461	date:	2022-04-26T00:00:00
db:	NVD	id:	CVE-2022-20622	date:	2023-11-07T03:42:27.930

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-46478	date:	2022-06-21T00:00:00
db:	VULHUB	id:	VHN-405175	date:	2022-04-15T00:00:00
db:	VULMON	id:	CVE-2022-20622	date:	2022-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-009564	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202204-3461	date:	2022-04-15T00:00:00
db:	NVD	id:	CVE-2022-20622	date:	2022-04-15T15:15:12.247