Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-20769— Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability

CVSS 7.4 · High EPSS 0.05% · P17
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-20769

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Wireless LAN Controller 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Wireless LAN Controller(WLC)是美国思科(Cisco)公司的一款无线局域网控制器产品。该产品在无线局域网中提供安全策略、入侵检测等功能。 Cisco Wireless LAN Controller (WLC) AireOS Software存在缓冲区错误漏洞,该漏洞源于身份验证功能中存在问题,该漏洞可能允许未经身份验证的相邻攻击者在受影响的设备上造成拒绝服务(DoS)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco Wireless LAN Controller (WLC) n/a -

II. Public POCs for CVE-2022-20769

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-20769

登录查看更多情报信息。

Same Patch Batch · Cisco · 2022-09-30 · 16 CVEs total

CVE-2022-209198.6 HIGHCisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnera
CVE-2022-208568.6 HIGHCisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Den
CVE-2022-208488.6 HIGHCisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Poi
CVE-2022-208478.6 HIGHCisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Den
CVE-2022-208557.9 HIGHCisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privileg
CVE-2022-208187.8 HIGHCisco SD-WAN Software Privilege Escalation Vulnerabilities
CVE-2022-207757.8 HIGHCisco SD-WAN Software Privilege Escalation Vulnerability
CVE-2022-209457.4 HIGHCisco Catalyst 9100 Series Access Points Association Request Denial of Service Vulnerabili
CVE-2022-209306.7 MEDIUMCisco SD-WAN Software Arbitrary File Corruption Vulnerability
CVE-2022-208106.5 MEDIUMCisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Di
CVE-2022-206626.1 MEDIUMCisco Duo for macOS Authentication Bypass Vulnerability
CVE-2022-208515.5 MEDIUMCisco IOS XE Software Web UI Command Injection Vulnerability
CVE-2022-208505.5 MEDIUMCisco SD-WAN Arbitrary File Deletion Vulnerability
CVE-2022-208445.3 MEDIUMCisco Software-Defined Application Visibility and Control on Cisco vManage Static Username
CVE-2022-207284.7 MEDIUMCisco Access Points VLAN Bypass from Native VLAN Vulnerability

IV. Related Vulnerabilities

Same product: Cisco Wireless LAN Controller (WLC)
Same vendor: Cisco
Same weakness: CWE-787

V. Comments for CVE-2022-20769

No comments yet

Leave a comment