Details of VAR-202209-1731

ID

VAR-202209-1731

CVE

CVE-2022-20728

TITLE

Vulnerabilities in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018195

DESCRIPTION

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed. Cisco Aironet 1542d series firmware, Cisco Aironet 1542i series firmware, Cisco Aironet 1562i Unspecified vulnerabilities exist in multiple Cisco Systems products, including series firmware.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-20728 // JVNDB: JVNDB-2022-018195 // VULMON: CVE-2022-20728

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst iw6300	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 2800i	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 3800i	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1815w	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	catalyst 9124ax	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1562d	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1850e	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 3800e	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1562i	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1815m	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1850i	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1840	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	catalyst 9115ax	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	catalyst 9130ax	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 2800e	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	catalyst 9117ax	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1542i	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	catalyst 9120ax	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1562e	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1815t	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1830	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 3800p	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	catalyst 9105ax	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 4800	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1815i	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	cisco	model:	aironet 1542d	scope:	eq	version:	017.006\(001\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco aironet 1850i シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1562d シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 4800 シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1840 シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1815w シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1562e シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1542i シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1542d シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1815m シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 3800e シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst 9105ax シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 3800i シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1830 シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1850e シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 3800p シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1815i シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 2800i シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 2800e シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1815t シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco aironet 1562i シリーズ	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018195 // NVD: CVE-2022-20728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20728
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20728
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20728
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202209-2793
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-20728
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20728
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018195 // CNNVD: CNNVD-202209-2793 // NVD: CVE-2022-20728 // NVD: CVE-2022-20728

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018195 // NVD: CVE-2022-20728

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2793

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-2793

PATCH

title:	cisco-sa-apvlan-TDTtb4FY	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY	Trust: 0.8
title:	Cisco Access Points Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209666	Trust: 0.6

sources: JVNDB: JVNDB-2022-018195 // CNNVD: CNNVD-202209-2793

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20728	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-018195	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.4806	Trust: 0.6
db:	CNNVD	id:	CNNVD-202209-2793	Trust: 0.6
db:	VULMON	id:	CVE-2022-20728	Trust: 0.1

sources: VULMON: CVE-2022-20728 // JVNDB: JVNDB-2022-018195 // CNNVD: CNNVD-202209-2793 // NVD: CVE-2022-20728

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apvlan-tdttb4fy	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20728	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.4806	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20728/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-aironet-catalyst-access-point-ingress-filtrering-bypass-via-vlan-bypass-39379	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-20728 // JVNDB: JVNDB-2022-018195 // CNNVD: CNNVD-202209-2793 // NVD: CVE-2022-20728

SOURCES

db:	VULMON	id:	CVE-2022-20728
db:	JVNDB	id:	JVNDB-2022-018195
db:	CNNVD	id:	CNNVD-202209-2793
db:	NVD	id:	CVE-2022-20728

LAST UPDATE DATE

2024-08-14T13:21:41.545000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-20728	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-018195	date:	2023-10-19T02:23:00
db:	CNNVD	id:	CNNVD-202209-2793	date:	2022-10-08T00:00:00
db:	NVD	id:	CVE-2022-20728	date:	2023-11-07T03:42:45.823

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-20728	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-018195	date:	2023-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202209-2793	date:	2022-09-27T00:00:00
db:	NVD	id:	CVE-2022-20728	date:	2022-09-30T19:15:10.903