ID

VAR-202204-0857


CVE

CVE-2022-20682


TITLE

Cisco IOS XE Wireless Controller  in software  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-009756

DESCRIPTION

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition

Trust: 1.8

sources: NVD: CVE-2022-20682 // JVNDB: JVNDB-2022-009756 // VULHUB: VHN-405235 // VULMON: CVE-2022-20682

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:17.2.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1z

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1y

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.5.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.5.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1v

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.1xbs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1r

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.5a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1z2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.5b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1z

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.2xbs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.4a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1z1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.6a

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009756 // NVD: CVE-2022-20682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20682
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20682
value: HIGH

Trust: 1.0

NVD: CVE-2022-20682
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-3362
value: HIGH

Trust: 0.6

VULHUB: VHN-405235
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20682
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20682
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405235
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20682
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 2.0

NVD: CVE-2022-20682
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405235 // VULMON: CVE-2022-20682 // JVNDB: JVNDB-2022-009756 // CNNVD: CNNVD-202204-3362 // NVD: CVE-2022-20682 // NVD: CVE-2022-20682

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

problemtype:CWE-690

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405235 // JVNDB: JVNDB-2022-009756 // NVD: CVE-2022-20682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3362

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-3362

PATCH

title:cisco-sa-c9800-capwap-mdns-6PSn7gKUurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-capwap-mdns-6PSn7gKU

Trust: 0.8

title:Cisco: Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-c9800-capwap-mdns-6PSn7gKU

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20682 // JVNDB: JVNDB-2022-009756

EXTERNAL IDS

db:NVDid:CVE-2022-20682

Trust: 3.4

db:JVNDBid:JVNDB-2022-009756

Trust: 0.8

db:CS-HELPid:SB2022041410

Trust: 0.6

db:CNNVDid:CNNVD-202204-3362

Trust: 0.6

db:CNVDid:CNVD-2022-55145

Trust: 0.1

db:VULHUBid:VHN-405235

Trust: 0.1

db:VULMONid:CVE-2022-20682

Trust: 0.1

sources: VULHUB: VHN-405235 // VULMON: CVE-2022-20682 // JVNDB: JVNDB-2022-009756 // CNNVD: CNNVD-202204-3362 // NVD: CVE-2022-20682

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-c9800-capwap-mdns-6psn7gku

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-20682

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20682/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041410

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-capwap-38066

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/476.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405235 // VULMON: CVE-2022-20682 // JVNDB: JVNDB-2022-009756 // CNNVD: CNNVD-202204-3362 // NVD: CVE-2022-20682

SOURCES

db:VULHUBid:VHN-405235
db:VULMONid:CVE-2022-20682
db:JVNDBid:JVNDB-2022-009756
db:CNNVDid:CNNVD-202204-3362
db:NVDid:CVE-2022-20682

LAST UPDATE DATE

2024-08-14T14:10:52.779000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405235date:2022-04-26T00:00:00
db:VULMONid:CVE-2022-20682date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-009756date:2023-08-08T06:50:00
db:CNNVDid:CNNVD-202204-3362date:2022-04-29T00:00:00
db:NVDid:CVE-2022-20682date:2023-11-07T03:42:37.030

SOURCES RELEASE DATE

db:VULHUBid:VHN-405235date:2022-04-15T00:00:00
db:VULMONid:CVE-2022-20682date:2022-04-15T00:00:00
db:JVNDBid:JVNDB-2022-009756date:2023-08-08T00:00:00
db:CNNVDid:CNNVD-202204-3362date:2022-04-13T00:00:00
db:NVDid:CVE-2022-20682date:2022-04-15T15:15:12.617