ID
VAR-202209-1971
CVE
CVE-2022-20945
TITLE
Input validation vulnerability in multiple Cisco Systems products
Trust: 0.8
DESCRIPTION
A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. Cisco Catalyst 9800-L firmware, Cisco Catalyst 9800-40 firmware, Cisco Catalyst 9800-80 Multiple Cisco Systems products, including firmware, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state. A denial of service vulnerability exists in the Cisco Catalyst 9100 Series
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | catalyst 9800-80 | scope: | lt | version: | 17.6.4 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst 9800-cl | scope: | lt | version: | 17.6.4 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst 9800-cl | scope: | gte | version: | 17.6 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst 9800-80 | scope: | gte | version: | 17.6 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst 9800-40 | scope: | lt | version: | 17.6.4 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst 9800-40 | scope: | gte | version: | 17.6 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst 9800-l | scope: | gte | version: | 17.6 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst 9800-l | scope: | lt | version: | 17.6.4 | Trust: 1.0 |
| vendor: | シスコシステムズ | model: | cisco catalyst 9800-l シリーズ | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst 9800-cl シリーズ | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst 9800-80 シリーズ | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst 9800-40 シリーズ | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | catalyst 9800-l | scope: | gte | version: | 17.6,<17.6.4 | Trust: 0.6 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 9800-40>=17.6,<17.6.4 | Trust: 0.6 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 9800-80>=17.6,<17.6.4 | Trust: 0.6 |
| vendor: | cisco | model: | catalyst 9800-cl | scope: | gte | version: | 17.6,<17.6.4 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.0 |
| problemtype: | CWE-20 | Trust: 1.0 |
| problemtype: | Inappropriate input confirmation (CWE-20) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote or local
Trust: 0.6
TYPE
input validation error
Trust: 0.6
PATCH
| title: | cisco-sa-ap-assoc-dos-EgVqtON8 | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8 | Trust: 0.8 |
| title: | Patch for Cisco Catalyst 9100 Series Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/372466 | Trust: 0.6 |
| title: | Cisco Catalyst Enter the fix for the verification error vulnerability | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=209686 | Trust: 0.6 |
| title: | Cisco: Cisco Catalyst 9100 Series Access Points Association Request Denial of Service Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ap-assoc-dos-EgVqtON8 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-20945 | Trust: 3.9 |
| db: | JVNDB | id: | JVNDB-2022-018199 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-88179 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2022.4811 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202209-2872 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-20945 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ap-assoc-dos-egvqton8 | Trust: 2.4 |
| url: | https://vigilance.fr/vulnerability/cisco-catalyst-9100-denial-of-service-via-association-request-39404 | Trust: 1.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-20945 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-20945/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.4811 | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2022-88179 |
| db: | VULMON | id: | CVE-2022-20945 |
| db: | JVNDB | id: | JVNDB-2022-018199 |
| db: | CNNVD | id: | CNNVD-202209-2872 |
| db: | NVD | id: | CVE-2022-20945 |
LAST UPDATE DATE
2024-08-14T15:21:36.725000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-88179 | date: | 2022-12-18T00:00:00 |
| db: | VULMON | id: | CVE-2022-20945 | date: | 2022-09-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018199 | date: | 2023-10-19T02:30:00 |
| db: | CNNVD | id: | CNNVD-202209-2872 | date: | 2022-10-08T00:00:00 |
| db: | NVD | id: | CVE-2022-20945 | date: | 2023-11-07T03:43:22.547 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-88179 | date: | 2022-12-15T00:00:00 |
| db: | VULMON | id: | CVE-2022-20945 | date: | 2022-09-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018199 | date: | 2023-10-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-202209-2872 | date: | 2022-09-28T00:00:00 |
| db: | NVD | id: | CVE-2022-20945 | date: | 2022-09-30T19:15:13.770 |