ID

VAR-202204-1029


CVE

CVE-2022-20761


TITLE

Cisco 1000  series  Connected Grid Router  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009573

DESCRIPTION

A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation. Cisco 1000 series Connected Grid Router (CGR1K) There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20761 // JVNDB: JVNDB-2022-009573 // VULHUB: VHN-405314 // VULMON: CVE-2022-20761

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)cg

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)cg

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m2a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m3a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m3a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m4a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m3b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m10

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m4a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m6a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m6a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m9

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m6a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m3a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m3b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m10

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m4a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m9

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t3

Trust: 1.0

vendor:シスコシステムズmodel:cisco iosscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009573 // NVD: CVE-2022-20761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20761
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20761
value: HIGH

Trust: 1.0

NVD: CVE-2022-20761
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-3443
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405314
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20761
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20761
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405314
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20761
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20761
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20761
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405314 // VULMON: CVE-2022-20761 // JVNDB: JVNDB-2022-009573 // CNNVD: CNNVD-202204-3443 // NVD: CVE-2022-20761 // NVD: CVE-2022-20761

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-248

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405314 // JVNDB: JVNDB-2022-009573 // NVD: CVE-2022-20761

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3443

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3443

PATCH

title:cisco-sa-cgr1k-ap-dos-mSZR4QVhurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cgr1k-ap-dos-mSZR4QVh

Trust: 0.8

title:Cisco 1000 Series Connected Grid Router Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190591

Trust: 0.6

title:Cisco: Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cgr1k-ap-dos-mSZR4QVh

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20761 // JVNDB: JVNDB-2022-009573 // CNNVD: CNNVD-202204-3443

EXTERNAL IDS

db:NVDid:CVE-2022-20761

Trust: 3.4

db:JVNDBid:JVNDB-2022-009573

Trust: 0.8

db:CS-HELPid:SB2022041421

Trust: 0.6

db:CNNVDid:CNNVD-202204-3443

Trust: 0.6

db:VULHUBid:VHN-405314

Trust: 0.1

db:VULMONid:CVE-2022-20761

Trust: 0.1

sources: VULHUB: VHN-405314 // VULMON: CVE-2022-20761 // JVNDB: JVNDB-2022-009573 // CNNVD: CNNVD-202204-3443 // NVD: CVE-2022-20761

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cgr1k-ap-dos-mszr4qvh

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-20761

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022041421

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20761/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405314 // VULMON: CVE-2022-20761 // JVNDB: JVNDB-2022-009573 // CNNVD: CNNVD-202204-3443 // NVD: CVE-2022-20761

SOURCES

db:VULHUBid:VHN-405314
db:VULMONid:CVE-2022-20761
db:JVNDBid:JVNDB-2022-009573
db:CNNVDid:CNNVD-202204-3443
db:NVDid:CVE-2022-20761

LAST UPDATE DATE

2024-11-23T23:03:53.256000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405314date:2022-04-25T00:00:00
db:VULMONid:CVE-2022-20761date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-009573date:2023-08-07T07:54:00
db:CNNVDid:CNNVD-202204-3443date:2022-04-26T00:00:00
db:NVDid:CVE-2022-20761date:2024-11-21T06:43:30.027

SOURCES RELEASE DATE

db:VULHUBid:VHN-405314date:2022-04-15T00:00:00
db:VULMONid:CVE-2022-20761date:2022-04-15T00:00:00
db:JVNDBid:JVNDB-2022-009573date:2023-08-07T00:00:00
db:CNNVDid:CNNVD-202204-3443date:2022-04-14T00:00:00
db:NVDid:CVE-2022-20761date:2022-04-15T15:15:13.933