CVE-2022-20769

2022-09-3019:15:11

CWE-787

[email protected]

web.nvd.nist.gov

cisco wlc

aireos software

authentication

vulnerability

dos

fips mode

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.8%

JSON

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.

Affected configurations

Nvd

Node

ciscowireless_lan_controller_softwareRange<8.10.171.0

AND

ciscovirtual_wireless_controllerMatch-

cisco2504_wireless_lan_controllerMatch-

cisco3504_wireless_lan_controllerMatch-

cisco5508_wireless_lan_controllerMatch-

cisco5520_wireless_lan_controllerMatch-

cisco8540_wireless_lan_controllerMatch-

ciscoflex_7510Match-

VendorProductVersionCPE
ciscowireless_lan_controller_software*cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*
ciscovirtual_wireless_controller-cpe:2.3:a:cisco:virtual_wireless_controller:-:*:*:*:*:*:*:*
cisco2504_wireless_lan_controller-cpe:2.3:h:cisco:2504_wireless_lan_controller:-:*:*:*:*:*:*:*
cisco3504_wireless_lan_controller-cpe:2.3:h:cisco:3504_wireless_lan_controller:-:*:*:*:*:*:*:*
cisco5508_wireless_lan_controller-cpe:2.3:h:cisco:5508_wireless_lan_controller:-:*:*:*:*:*:*:*
cisco5520_wireless_lan_controller-cpe:2.3:h:cisco:5520_wireless_lan_controller:-:*:*:*:*:*:*:*
cisco8540_wireless_lan_controller-cpe:2.3:h:cisco:8540_wireless_lan_controller:-:*:*:*:*:*:*:*
ciscoflex_7510-cpe:2.3:h:cisco:flex_7510:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	wireless_lan_controller_software	*	cpe:2.3:o:cisco:wireless_lan_controller_software::::::::
cisco	virtual_wireless_controller	-	cpe:2.3:a:cisco:virtual_wireless_controller:-:::::::*
cisco	2504_wireless_lan_controller	-	cpe:2.3:h:cisco:2504_wireless_lan_controller:-:::::::*
cisco	3504_wireless_lan_controller	-	cpe:2.3:h:cisco:3504_wireless_lan_controller:-:::::::*
cisco	5508_wireless_lan_controller	-	cpe:2.3:h:cisco:5508_wireless_lan_controller:-:::::::*
cisco	5520_wireless_lan_controller	-	cpe:2.3:h:cisco:5520_wireless_lan_controller:-:::::::*
cisco	8540_wireless_lan_controller	-	cpe:2.3:h:cisco:8540_wireless_lan_controller:-:::::::*
cisco	flex_7510	-	cpe:2.3:h:cisco:flex_7510:-:::::::*