Lucene search

[email protected]CVE-2022-47522

HistoryApr 15, 2023 - 2:15 a.m.

CVE-2022-47522

2023-04-1502:15:07

CWE-290

[email protected]

web.nvd.nist.gov

cve-2022-47522

ieee 802.11

interception

mac address spoofing

power save frames

security context

nvd

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target’s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client’s pairwise encryption key.

Affected configurations

NVD

Node

ieeeieee_802.11

Node

sonicwalltz670Match-

AND

sonicwalltz670_firmwareMatch-

Node

sonicwalltz570Match-

AND

sonicwalltz570_firmwareMatch-

Node

sonicwalltz570pMatch-

AND

sonicwalltz570p_firmwareMatch-

Node

sonicwalltz570wMatch-

AND

sonicwalltz570w_firmwareMatch-

Node

sonicwalltz470Match-

AND

sonicwalltz470_firmwareMatch-

Node

sonicwalltz470wMatch-

AND

sonicwalltz470w_firmwareMatch-

Node

sonicwalltz370Match-

AND

sonicwalltz370_firmwareMatch-

Node

sonicwalltz370wMatch-

AND

sonicwalltz370w_firmwareMatch-

Node

sonicwalltz270_firmwareMatch-

AND

sonicwalltz270Match-

Node

sonicwalltz270w_firmwareMatch-

AND

sonicwalltz270wMatch-

Node

sonicwalltz600_firmwareMatch-

AND

sonicwalltz600Match-

Node

sonicwalltz600p_firmwareMatch-

AND

sonicwalltz600pMatch-

Node

sonicwalltz500_firmwareMatch-

AND

sonicwalltz500Match-

Node

sonicwalltz500w_firmwareMatch-

AND

sonicwalltz500wMatch-

Node

sonicwalltz400_firmwareMatch-

AND

sonicwalltz400Match-

Node

sonicwalltz400w_firmwareMatch-

AND

sonicwalltz400wMatch-

Node

sonicwalltz350_firmwareMatch-

AND

sonicwalltz350Match-

Node

sonicwalltz350w_firmwareMatch-

AND

sonicwalltz350wMatch-

Node

sonicwalltz300Match-

AND

sonicwalltz300_firmwareMatch-

Node

sonicwalltz300p_firmwareMatch-

AND

sonicwalltz300pMatch-

Node

sonicwalltz300w_firmwareMatch-

AND

sonicwalltz300wMatch-

Node

sonicwallsoho_250_firmwareMatch-

AND

sonicwallsoho_250Match-

Node

sonicwallsoho_250w_firmwareMatch-

AND

sonicwallsoho_250wMatch-

Node

sonicwallsonicwave_231c_firmwareMatch-

AND

sonicwallsonicwave_231cMatch-

Node

sonicwallsonicwave_224w_firmwareMatch-

AND

sonicwallsonicwave_224wMatch-

Node

sonicwallsonicwave_432o_firmwareMatch-

AND

sonicwallsonicwave_432oMatch-

Node

sonicwallsonicwave_621_firmwareMatch-

AND

sonicwallsonicwave_621Match-

Node

sonicwallsonicwave_641_firmwareMatch-

AND

sonicwallsonicwave_641Match-

Node

sonicwallsonicwave_681_firmwareMatch-

AND

sonicwallsonicwave_681Match-

CPENameOperatorVersion
ieee:ieee_802.11ieee ieee 802.11eq*

CPE	Name	Operator	Version
ieee:ieee_802.11	ieee ieee 802.11	eq	*

References

papers.mathyvanhoef.com/usenix2023-wifi.pdf

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006

www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc

www.wi-fi.org/discover-wi-fi/passpoint

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for CVE-2022-47522

freebsd_advisory1 ics2 prion1 nessus2 cvelist4 freebsd1 nvd4 cve3