Details of VAR-202204-0857

ID

VAR-202204-0857

CVE

CVE-2022-20682

TITLE

Cisco IOS XE Wireless Controller in software NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-009756

DESCRIPTION

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition

Trust: 1.8

sources: NVD: CVE-2022-20682 // JVNDB: JVNDB-2022-009756 // VULHUB: VHN-405235 // VULMON: CVE-2022-20682

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1z	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.6a	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009756 // NVD: CVE-2022-20682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20682
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20682
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-20682
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-3362
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405235
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20682
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20682
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405235
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20682
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20682
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405235 // VULMON: CVE-2022-20682 // JVNDB: JVNDB-2022-009756 // CNNVD: CNNVD-202204-3362 // NVD: CVE-2022-20682 // NVD: CVE-2022-20682

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.1
problemtype:	CWE-690	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405235 // JVNDB: JVNDB-2022-009756 // NVD: CVE-2022-20682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3362

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-3362

PATCH

title:	cisco-sa-c9800-capwap-mdns-6PSn7gKU	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-capwap-mdns-6PSn7gKU	Trust: 0.8
title:	Cisco: Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-c9800-capwap-mdns-6PSn7gKU	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20682 // JVNDB: JVNDB-2022-009756

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20682	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009756	Trust: 0.8
db:	CS-HELP	id:	SB2022041410	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3362	Trust: 0.6
db:	CNVD	id:	CNVD-2022-55145	Trust: 0.1
db:	VULHUB	id:	VHN-405235	Trust: 0.1
db:	VULMON	id:	CVE-2022-20682	Trust: 0.1

sources: VULHUB: VHN-405235 // VULMON: CVE-2022-20682 // JVNDB: JVNDB-2022-009756 // CNNVD: CNNVD-202204-3362 // NVD: CVE-2022-20682

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-c9800-capwap-mdns-6psn7gku	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20682	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20682/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041410	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-capwap-38066	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/476.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405235 // VULMON: CVE-2022-20682 // JVNDB: JVNDB-2022-009756 // CNNVD: CNNVD-202204-3362 // NVD: CVE-2022-20682

SOURCES

db:	VULHUB	id:	VHN-405235
db:	VULMON	id:	CVE-2022-20682
db:	JVNDB	id:	JVNDB-2022-009756
db:	CNNVD	id:	CNNVD-202204-3362
db:	NVD	id:	CVE-2022-20682

LAST UPDATE DATE

2024-08-14T14:10:52.779000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405235	date:	2022-04-26T00:00:00
db:	VULMON	id:	CVE-2022-20682	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009756	date:	2023-08-08T06:50:00
db:	CNNVD	id:	CNNVD-202204-3362	date:	2022-04-29T00:00:00
db:	NVD	id:	CVE-2022-20682	date:	2023-11-07T03:42:37.030

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405235	date:	2022-04-15T00:00:00
db:	VULMON	id:	CVE-2022-20682	date:	2022-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-009756	date:	2023-08-08T00:00:00
db:	CNNVD	id:	CNNVD-202204-3362	date:	2022-04-13T00:00:00
db:	NVD	id:	CVE-2022-20682	date:	2022-04-15T15:15:12.617