ID

VAR-202209-1900


CVE

CVE-2022-20856


TITLE

Vulnerability in Cisco Systems Cisco IOS XE

Trust: 0.8

sources: JVNDB: JVNDB-2022-018760

DESCRIPTION

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. An unspecified vulnerability exists in Cisco Systems Cisco IOS XE. The device may be left in a service operation interruption (DoS) state. Attackers can exploit the vulnerability to cause a denial of service.

Trust: 2.25

sources: NVD: CVE-2022-20856 // JVNDB: JVNDB-2022-018760 // CNVD: CNVD-2022-91647 // VULMON: CVE-2022-20856

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-91647

AFFECTED PRODUCTS

vendor: cisco model: ios xe scope: eq version: 17.3.4c

Trust: 1.0

vendor: Cisco Systems model: cisco ios xe scope: eq version: 17.3.4c

Trust: 0.8

vendor: Cisco Systems model: cisco ios xe scope: eq version: -

Trust: 0.8

vendor: cisco model: ios xe 17.3.4c scope: - version: -

Trust: 0.6

vendor: cisco model: catalyst scope: eq version: 9800

Trust: 0.6

vendor: cisco model: catalyst scope: eq version: 9800-40

Trust: 0.6

vendor: cisco model: catalyst scope: eq version: 9800-80

Trust: 0.6

vendor: cisco model: catalyst 9800-cl scope: - version: -

Trust: 0.6

vendor: cisco model: catalyst 9800-l scope: - version: -

Trust: 0.6

vendor: cisco model: catalyst 9800-lf scope: - version: -

Trust: 0.6

vendor: cisco model: catalyst 9800-lc scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-91647 // JVNDB: JVNDB-2022-018760 // NVD: CVE-2022-20856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20856
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20856
value: HIGH

Trust: 1.0

NVD: CVE-2022-20856
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-91647
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202209-2911
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-91647
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-20856
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20856
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20856
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-91647 // JVNDB: JVNDB-2022-018760 // CNNVD: CNNVD-202209-2911 // NVD: CVE-2022-20856 // NVD: CVE-2022-20856

PROBLEMTYPE DATA

problemtype:CWE-664

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018760 // NVD: CVE-2022-20856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-2911

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-2911

PATCH

title: cisco-sa-c9800-mob-dos-342YAc6J url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J

Trust: 0.8

title: Patch for Cisco IOS XE Wireless Controller software denial of service vulnerability url: https://www.cnvd.org.cn/patchInfo/show/384571

Trust: 0.6

title: Cisco IOS XE Wireless Controller software Security vulnerabilities url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209368

Trust: 0.6

title: Cisco: Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service Vulnerability url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-c9800-mob-dos-342YAc6J

Trust: 0.1

sources: CNVD: CNVD-2022-91647 // VULMON: CVE-2022-20856 // JVNDB: JVNDB-2022-018760 // CNNVD: CNNVD-202209-2911

EXTERNAL IDS

db: NVD id: CVE-2022-20856

Trust: 3.9

db: JVNDB id: JVNDB-2022-018760

Trust: 0.8

db: CNVD id: CNVD-2022-91647

Trust: 0.6

db: AUSCERT id: ESB-2022.4844

Trust: 0.6

db: CNNVD id: CNNVD-202209-2911

Trust: 0.6

db: VULMON id: CVE-2022-20856

Trust: 0.1

sources: CNVD: CNVD-2022-91647 // VULMON: CVE-2022-20856 // JVNDB: JVNDB-2022-018760 // CNNVD: CNNVD-202209-2911 // NVD: CVE-2022-20856

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-c9800-mob-dos-342yac6j

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-20856

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-20856/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-catalyst-9000-denial-of-service-via-capwap-mobility-39403

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4844

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-91647 // VULMON: CVE-2022-20856 // JVNDB: JVNDB-2022-018760 // CNNVD: CNNVD-202209-2911 // NVD: CVE-2022-20856

SOURCES

db: CNVD id: CNVD-2022-91647
db: VULMON id: CVE-2022-20856
db: JVNDB id: JVNDB-2022-018760
db: CNNVD id: CNNVD-202209-2911
db: NVD id: CVE-2022-20856

LAST UPDATE DATE

2024-08-14T15:27:05.101000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2022-91647 date: 2022-12-29T00:00:00
db: VULMON id: CVE-2022-20856 date: 2022-09-30T00:00:00
db: JVNDB id: JVNDB-2022-018760 date: 2023-10-23T07:20:00
db: CNNVD id: CNNVD-202209-2911 date: 2022-10-10T00:00:00
db: NVD id: CVE-2022-20856 date: 2023-11-07T03:43:08.077

SOURCES RELEASE DATE

db: CNVD id: CNVD-2022-91647 date: 2022-12-15T00:00:00
db: VULMON id: CVE-2022-20856 date: 2022-09-30T00:00:00
db: JVNDB id: JVNDB-2022-018760 date: 2023-10-23T00:00:00
db: CNNVD id: CNNVD-202209-2911 date: 2022-09-28T00:00:00
db: NVD id: CVE-2022-20856 date: 2022-09-30T19:15:13.223