ID

VAR-202204-0640


CVE

CVE-2022-20622


TITLE

Catalyst Access Points Software  Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009564

DESCRIPTION

A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload. Catalyst Access Points Software Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Cisco Embedded Wireless Controller is a wireless access device of Cisco (Cisco) in the United States

Trust: 2.34

sources: NVD: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNVD: CNVD-2022-46478 // VULHUB: VHN-405175 // VULMON: CVE-2022-20622

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-46478

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access point softwarescope:ltversion:17.3.4

Trust: 1.0

vendor:ciscomodel:aironet access point softwarescope:gteversion:17.3

Trust: 1.0

vendor:ciscomodel:aironet access point softwarescope:ltversion:17.6.1

Trust: 1.0

vendor:ciscomodel:aironet access point softwarescope:gteversion:17.4

Trust: 1.0

vendor:シスコシステムズmodel:cisco aironet アクセス ポイント ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco aironet アクセス ポイント ソフトウェアscope:eqversion:cisco aironet access point software

Trust: 0.8

vendor:シスコシステムズmodel:cisco aironet アクセス ポイント ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:ciscomodel:embedded wireless controllerscope:eqversion:17.3

Trust: 0.6

vendor:ciscomodel:embedded wireless controllerscope:eqversion:17.4

Trust: 0.6

vendor:ciscomodel:embedded wireless controllerscope:eqversion:17.5

Trust: 0.6

vendor:ciscomodel:embedded wireless controllerscope:eqversion:17.6

Trust: 0.6

sources: CNVD: CNVD-2022-46478 // JVNDB: JVNDB-2022-009564 // NVD: CVE-2022-20622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20622
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20622
value: HIGH

Trust: 1.0

NVD: CVE-2022-20622
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-46478
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202204-3461
value: HIGH

Trust: 0.6

VULHUB: VHN-405175
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20622
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20622
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-46478
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-405175
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20622
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20622
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20622
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-46478 // VULHUB: VHN-405175 // VULMON: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNNVD: CNNVD-202204-3461 // NVD: CVE-2022-20622 // NVD: CVE-2022-20622

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

problemtype:Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405175 // JVNDB: JVNDB-2022-009564 // NVD: CVE-2022-20622

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3461

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3461

PATCH

title:cisco-sa-ap-ip-flood-dos-6hxxENVQurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ip-flood-dos-6hxxENVQ

Trust: 0.8

title:Patch for Cisco Embedded Wireless Controller Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/336686

Trust: 0.6

title:Cisco Embedded Wireless Controller Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189518

Trust: 0.6

title:Cisco: Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ap-ip-flood-dos-6hxxENVQ

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2022-46478 // VULMON: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNNVD: CNNVD-202204-3461

EXTERNAL IDS

db:NVDid:CVE-2022-20622

Trust: 4.0

db:JVNDBid:JVNDB-2022-009564

Trust: 0.8

db:CNVDid:CNVD-2022-46478

Trust: 0.7

db:CS-HELPid:SB2022041510

Trust: 0.6

db:CNNVDid:CNNVD-202204-3461

Trust: 0.6

db:VULHUBid:VHN-405175

Trust: 0.1

db:VULMONid:CVE-2022-20622

Trust: 0.1

sources: CNVD: CNVD-2022-46478 // VULHUB: VHN-405175 // VULMON: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNNVD: CNNVD-202204-3461 // NVD: CVE-2022-20622

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ap-ip-flood-dos-6hxxenvq

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20622

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20622/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041510

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2022-46478 // VULHUB: VHN-405175 // VULMON: CVE-2022-20622 // JVNDB: JVNDB-2022-009564 // CNNVD: CNNVD-202204-3461 // NVD: CVE-2022-20622

SOURCES

db:CNVDid:CNVD-2022-46478
db:VULHUBid:VHN-405175
db:VULMONid:CVE-2022-20622
db:JVNDBid:JVNDB-2022-009564
db:CNNVDid:CNNVD-202204-3461
db:NVDid:CVE-2022-20622

LAST UPDATE DATE

2024-08-14T14:49:52.280000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-46478date:2022-06-21T00:00:00
db:VULHUBid:VHN-405175date:2022-04-25T00:00:00
db:VULMONid:CVE-2022-20622date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-009564date:2023-08-07T07:31:00
db:CNNVDid:CNNVD-202204-3461date:2022-04-26T00:00:00
db:NVDid:CVE-2022-20622date:2023-11-07T03:42:27.930

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-46478date:2022-06-21T00:00:00
db:VULHUBid:VHN-405175date:2022-04-15T00:00:00
db:VULMONid:CVE-2022-20622date:2022-04-15T00:00:00
db:JVNDBid:JVNDB-2022-009564date:2023-08-07T00:00:00
db:CNNVDid:CNNVD-202204-3461date:2022-04-15T00:00:00
db:NVDid:CVE-2022-20622date:2022-04-15T15:15:12.247