7.4
CVE-2022-20769
- EPSS 0.16%
- Veröffentlicht 30.09.2022 19:15:11
- Zuletzt bearbeitet 21.11.2024 06:43:31
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Wireless Lan Controller Software Version < 8.10.171.0
Cisco ≫ Virtual Wireless Controller Version-
Cisco ≫ 2504 Wireless Lan Controller Version-
Cisco ≫ 3504 Wireless Lan Controller Version-
Cisco ≫ 5508 Wireless Lan Controller Version-
Cisco ≫ 5520 Wireless Lan Controller Version-
Cisco ≫ 8540 Wireless Lan Controller Version-
Cisco ≫ Flex 7510 Version-
Cisco ≫ 2504 Wireless Lan Controller Version-
Cisco ≫ 3504 Wireless Lan Controller Version-
Cisco ≫ 5508 Wireless Lan Controller Version-
Cisco ≫ 5520 Wireless Lan Controller Version-
Cisco ≫ 8540 Wireless Lan Controller Version-
Cisco ≫ Flex 7510 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.369 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| psirt@cisco.com | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.