Cisco Catalyst 9800 WLC CAPWAP Mobility Message DoS Vulnerability (CVE-2022-20856)

Critical Vulnerability Information Vulnerability Summary Risk Level: High Vulnerability ID: cisco-sa-c9800-mob-dos-342YAc6J, CVE-2022-20856, CWE-664 Initial Release: September 28, 2022, 16:00 GMT Version: 1.0, Final Version Vulnerability Description Summary: A logic error and improper resource management exist when processing CAPWAP mobility messages, allowing a remote attacker to send forged CAPWAP mobility messages and cause a denial-of-service (DoS) condition on affected devices. CVSS Score: Base 8.6 Affected Products Affected Products: - Catalyst 9800-CL Wireless Controller - Catalyst 9800 Embedded Wireless Controller - Catalyst 9800 Series Wireless Controller Products Confirmed Not Affected: - Embedded Wireless Controllers - IOS Software - IOS XR Software - Meraki Products - NX-OS Software - Wireless LAN Controller (WLC) AireOS Software Workarounds No workarounds available Solution Cisco has released free software updates to fix this vulnerability. For more information on licensing and downloads, visit the Cisco Support and Downloads page: http://www.cisco.com/c/en/us/products/end-user-license-agreement.html Exploitation and Public Announcements Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious exploitation of this vulnerability. Source This vulnerability was discovered during the resolution of a Cisco TAC support case. URL Security Advisory Link

Goal Reached Thanks to every supporter — we hit 100%!

Cisco Catalyst 9800 WLC CAPWAP Mobility Message DoS Vulnerability (CVE-2022-20856)