ID

VAR-202209-1971


CVE

CVE-2022-20945


TITLE

Input validation vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018199

DESCRIPTION

A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. Multiple Cisco Systems products, including Cisco Catalyst 9800-L firmware, Cisco Catalyst 9800-40 firmware and Cisco Catalyst 9800-80, contain vulnerabilities related to input validation. A service operation interruption (DoS) state may result. A denial of service vulnerability exists in the Cisco Catalyst 9100 Series

Trust: 2.25

sources: NVD: CVE-2022-20945 // JVNDB: JVNDB-2022-018199 // CNVD: CNVD-2022-88179 // VULMON: CVE-2022-20945

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-88179

AFFECTED PRODUCTS

vendor: cisco
model: catalyst 9800-80
scope: lt
version: 17.6.4

Trust: 1.0

vendor: cisco
model: catalyst 9800-cl
scope: lt
version: 17.6.4

Trust: 1.0

vendor: cisco
model: catalyst 9800-cl
scope: gte
version: 17.6

Trust: 1.0

vendor: cisco
model: catalyst 9800-80
scope: gte
version: 17.6

Trust: 1.0

vendor: cisco
model: catalyst 9800-40
scope: lt
version: 17.6.4

Trust: 1.0

vendor: cisco
model: catalyst 9800-40
scope: gte
version: 17.6

Trust: 1.0

vendor: cisco
model: catalyst 9800-l
scope: gte
version: 17.6

Trust: 1.0

vendor: cisco
model: catalyst 9800-l
scope: lt
version: 17.6.4

Trust: 1.0

vendor: Cisco Systems
model: cisco catalyst 9800-l series
scope: -
version: -

Trust: 0.8

vendor: Cisco Systems
model: cisco catalyst 9800-cl series
scope: -
version: -

Trust: 0.8

vendor: Cisco Systems
model: cisco catalyst 9800-80 series
scope: -
version: -

Trust: 0.8

vendor: Cisco Systems
model: cisco catalyst 9800-40 series
scope: -
version: -

Trust: 0.8

vendor: cisco
model: catalyst 9800-l
scope: gte
version: 17.6,<17.6.4

Trust: 0.6

vendor: cisco
model: catalyst
scope: eq
version: 9800-40>=17.6,<17.6.4

Trust: 0.6

vendor: cisco
model: catalyst
scope: eq
version: 9800-80>=17.6,<17.6.4

Trust: 0.6

vendor: cisco
model: catalyst 9800-cl
scope: gte
version: 17.6,<17.6.4

Trust: 0.6

sources: CNVD: CNVD-2022-88179 // JVNDB: JVNDB-2022-018199 // NVD: CVE-2022-20945

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-20945
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20945
value: HIGH

Trust: 1.0

NVD: CVE-2022-20945
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-88179
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202209-2872
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2022-88179
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-20945
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20945
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20945
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-88179 // JVNDB: JVNDB-2022-018199 // CNNVD: CNNVD-202209-2872 // NVD: CVE-2022-20945 // NVD: CVE-2022-20945

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018199 // NVD: CVE-2022-20945

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2872

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202209-2872

PATCH

title: cisco-sa-ap-assoc-dos-EgVqtON8
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8

Trust: 0.8

title: Patch for Cisco Catalyst 9100 Series Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/372466

Trust: 0.6

title: Cisco Catalyst Enter the fix for the verification error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209686

Trust: 0.6

title: Cisco: Cisco Catalyst 9100 Series Access Points Association Request Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ap-assoc-dos-EgVqtON8

Trust: 0.1

sources: CNVD: CNVD-2022-88179 // VULMON: CVE-2022-20945 // JVNDB: JVNDB-2022-018199 // CNNVD: CNNVD-202209-2872

EXTERNAL IDS

db: NVD
id: CVE-2022-20945

Trust: 3.9

db: JVNDB
id: JVNDB-2022-018199

Trust: 0.8

db: CNVD
id: CNVD-2022-88179

Trust: 0.6

db: AUSCERT
id: ESB-2022.4811

Trust: 0.6

db: CNNVD
id: CNNVD-202209-2872

Trust: 0.6

db: VULMON
id: CVE-2022-20945

Trust: 0.1

sources: CNVD: CNVD-2022-88179 // VULMON: CVE-2022-20945 // JVNDB: JVNDB-2022-018199 // CNNVD: CNNVD-202209-2872 // NVD: CVE-2022-20945

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ap-assoc-dos-egvqton8

Trust: 2.4

url:https://vigilance.fr/vulnerability/cisco-catalyst-9100-denial-of-service-via-association-request-39404

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-20945

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20945/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4811

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-88179 // VULMON: CVE-2022-20945 // JVNDB: JVNDB-2022-018199 // CNNVD: CNNVD-202209-2872 // NVD: CVE-2022-20945

SOURCES

db: CNVD, id: CNVD-2022-88179
db: VULMON, id: CVE-2022-20945
db: JVNDB, id: JVNDB-2022-018199
db: CNNVD, id: CNNVD-202209-2872
db: NVD, id: CVE-2022-20945

LAST UPDATE DATE

2024-08-14T15:21:36.725000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-88179, date: 2022-12-18T00:00:00
db: VULMON, id: CVE-2022-20945, date: 2022-09-30T00:00:00
db: JVNDB, id: JVNDB-2022-018199, date: 2023-10-19T02:30:00
db: CNNVD, id: CNNVD-202209-2872, date: 2022-10-08T00:00:00
db: NVD, id: CVE-2022-20945, date: 2023-11-07T03:43:22.547

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-88179, date: 2022-12-15T00:00:00
db: VULMON, id: CVE-2022-20945, date: 2022-09-30T00:00:00
db: JVNDB, id: JVNDB-2022-018199, date: 2023-10-19T00:00:00
db: CNNVD, id: CNNVD-202209-2872, date: 2022-09-28T00:00:00
db: NVD, id: CVE-2022-20945, date: 2022-09-30T19:15:13.770