Details of VAR-202209-1900

ID

VAR-202209-1900

CVE

CVE-2022-20856

TITLE

Cisco Systems Cisco IOS XE Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018760

DESCRIPTION

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. Cisco Systems Cisco IOS XE Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Attackers can exploit the vulnerability to cause denial of service

Trust: 2.25

sources: NVD: CVE-2022-20856 // JVNDB: JVNDB-2022-018760 // CNVD: CNVD-2022-91647 // VULMON: CVE-2022-20856

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-91647

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4c	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	17.3.4c	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe 17.3.4c	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst	scope:	eq	version:	9800	Trust: 0.6
vendor:	cisco	model:	catalyst	scope:	eq	version:	9800-40	Trust: 0.6
vendor:	cisco	model:	catalyst	scope:	eq	version:	9800-80	Trust: 0.6
vendor:	cisco	model:	catalyst 9800-cl	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 9800-l	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 9800-lf	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 9800-lc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-91647 // JVNDB: JVNDB-2022-018760 // NVD: CVE-2022-20856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20856
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20856
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-20856
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-91647
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202209-2911
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2022-91647
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-20856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20856
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-91647 // JVNDB: JVNDB-2022-018760 // CNNVD: CNNVD-202209-2911 // NVD: CVE-2022-20856 // NVD: CVE-2022-20856

PROBLEMTYPE DATA

problemtype:	CWE-664	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018760 // NVD: CVE-2022-20856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-2911

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-2911

PATCH

title:	cisco-sa-c9800-mob-dos-342YAc6J	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J	Trust: 0.8
title:	Patch for Cisco IOS XE Wireless Controller software denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/384571	Trust: 0.6
title:	Cisco IOS XE Wireless Controller software Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209368	Trust: 0.6
title:	Cisco: Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-c9800-mob-dos-342YAc6J	Trust: 0.1

sources: CNVD: CNVD-2022-91647 // VULMON: CVE-2022-20856 // JVNDB: JVNDB-2022-018760 // CNNVD: CNNVD-202209-2911

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20856	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-018760	Trust: 0.8
db:	CNVD	id:	CNVD-2022-91647	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4844	Trust: 0.6
db:	CNNVD	id:	CNNVD-202209-2911	Trust: 0.6
db:	VULMON	id:	CVE-2022-20856	Trust: 0.1

sources: CNVD: CNVD-2022-91647 // VULMON: CVE-2022-20856 // JVNDB: JVNDB-2022-018760 // CNNVD: CNNVD-202209-2911 // NVD: CVE-2022-20856

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-c9800-mob-dos-342yac6j	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20856	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-20856/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-catalyst-9000-denial-of-service-via-capwap-mobility-39403	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4844	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-91647 // VULMON: CVE-2022-20856 // JVNDB: JVNDB-2022-018760 // CNNVD: CNNVD-202209-2911 // NVD: CVE-2022-20856

SOURCES

db:	CNVD	id:	CNVD-2022-91647
db:	VULMON	id:	CVE-2022-20856
db:	JVNDB	id:	JVNDB-2022-018760
db:	CNNVD	id:	CNNVD-202209-2911
db:	NVD	id:	CVE-2022-20856

LAST UPDATE DATE

2024-08-14T15:27:05.101000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-91647	date:	2022-12-29T00:00:00
db:	VULMON	id:	CVE-2022-20856	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-018760	date:	2023-10-23T07:20:00
db:	CNNVD	id:	CNNVD-202209-2911	date:	2022-10-10T00:00:00
db:	NVD	id:	CVE-2022-20856	date:	2023-11-07T03:43:08.077

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-91647	date:	2022-12-15T00:00:00
db:	VULMON	id:	CVE-2022-20856	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-018760	date:	2023-10-23T00:00:00
db:	CNNVD	id:	CNNVD-202209-2911	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2022-20856	date:	2022-09-30T19:15:13.223