CVE-2022-20728
Cisco Access Points VLAN Bypass from Native VLAN Vulnerability
Severity Score
4.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.
Una vulnerabilidad en el código de reenvío de clientes de varios Puntos de Acceso (AP) de Cisco podría permitir a un atacante adyacente no autenticado inyectar paquetes de la VLAN nativa a clientes dentro de VLANs no nativas en un dispositivo afectado. Esta vulnerabilidad es debido a un error lógico en el AP que reenvía los paquetes destinados a un cliente inalámbrico si son recibidos en la VLAN nativa. Un atacante podría explotar esta vulnerabilidad al obtener acceso a la VLAN nativa y dirigiendo el tráfico directamente al cliente mediante su combinación MAC/IP. Una explotación con éxito podría permitir al atacante omitir la separación de VLAN y potencialmente también omitir cualquier mecanismo de protección de capa 3 que esté desplegado
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-02 CVE Reserved
- 2022-09-30 CVE Published
- 2024-04-19 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Aironet 1542d Firmware Search vendor "Cisco" for product "Aironet 1542d Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1542d Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1542d Search vendor "Cisco" for product "Aironet 1542d" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1542i Firmware Search vendor "Cisco" for product "Aironet 1542i Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1542i Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1542i Search vendor "Cisco" for product "Aironet 1542i" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1562i Firmware Search vendor "Cisco" for product "Aironet 1562i Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1562i Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1562i Search vendor "Cisco" for product "Aironet 1562i" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1562e Firmware Search vendor "Cisco" for product "Aironet 1562e Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1562e Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1562e Search vendor "Cisco" for product "Aironet 1562e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1562d Firmware Search vendor "Cisco" for product "Aironet 1562d Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1562d Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1562d Search vendor "Cisco" for product "Aironet 1562d" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1815i Firmware Search vendor "Cisco" for product "Aironet 1815i Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1815i Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1815i Search vendor "Cisco" for product "Aironet 1815i" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1815m Firmware Search vendor "Cisco" for product "Aironet 1815m Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1815m Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1815m Search vendor "Cisco" for product "Aironet 1815m" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1815t Firmware Search vendor "Cisco" for product "Aironet 1815t Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1815t Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1815t Search vendor "Cisco" for product "Aironet 1815t" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1815w Firmware Search vendor "Cisco" for product "Aironet 1815w Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1815w Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1815w Search vendor "Cisco" for product "Aironet 1815w" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1830 Firmware Search vendor "Cisco" for product "Aironet 1830 Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1830 Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1830 Search vendor "Cisco" for product "Aironet 1830" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1840 Firmware Search vendor "Cisco" for product "Aironet 1840 Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1840 Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1840 Search vendor "Cisco" for product "Aironet 1840" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1850e Firmware Search vendor "Cisco" for product "Aironet 1850e Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1850e Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1850e Search vendor "Cisco" for product "Aironet 1850e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 1850i Firmware Search vendor "Cisco" for product "Aironet 1850i Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 1850i Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 1850i Search vendor "Cisco" for product "Aironet 1850i" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 2800i Firmware Search vendor "Cisco" for product "Aironet 2800i Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 2800i Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 2800i Search vendor "Cisco" for product "Aironet 2800i" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 2800e Firmware Search vendor "Cisco" for product "Aironet 2800e Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 2800e Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 2800e Search vendor "Cisco" for product "Aironet 2800e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 3800i Firmware Search vendor "Cisco" for product "Aironet 3800i Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 3800i Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 3800i Search vendor "Cisco" for product "Aironet 3800i" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 3800e Firmware Search vendor "Cisco" for product "Aironet 3800e Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 3800e Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 3800e Search vendor "Cisco" for product "Aironet 3800e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 3800p Firmware Search vendor "Cisco" for product "Aironet 3800p Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 3800p Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 3800p Search vendor "Cisco" for product "Aironet 3800p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Aironet 4800 Firmware Search vendor "Cisco" for product "Aironet 4800 Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Aironet 4800 Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Aironet 4800 Search vendor "Cisco" for product "Aironet 4800" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Catalyst 9105ax Firmware Search vendor "Cisco" for product "Catalyst 9105ax Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Catalyst 9105ax Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9105ax Search vendor "Cisco" for product "Catalyst 9105ax" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Catalyst 9115ax Firmware Search vendor "Cisco" for product "Catalyst 9115ax Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Catalyst 9115ax Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9115ax Search vendor "Cisco" for product "Catalyst 9115ax" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Catalyst 9117ax Firmware Search vendor "Cisco" for product "Catalyst 9117ax Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Catalyst 9117ax Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9117ax Search vendor "Cisco" for product "Catalyst 9117ax" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Catalyst 9120ax Firmware Search vendor "Cisco" for product "Catalyst 9120ax Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Catalyst 9120ax Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9120ax Search vendor "Cisco" for product "Catalyst 9120ax" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Catalyst 9124ax Firmware Search vendor "Cisco" for product "Catalyst 9124ax Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Catalyst 9124ax Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9124ax Search vendor "Cisco" for product "Catalyst 9124ax" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Catalyst 9130ax Firmware Search vendor "Cisco" for product "Catalyst 9130ax Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Catalyst 9130ax Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9130ax Search vendor "Cisco" for product "Catalyst 9130ax" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Catalyst Iw6300 Firmware Search vendor "Cisco" for product "Catalyst Iw6300 Firmware" | 017.006\(001\) Search vendor "Cisco" for product "Catalyst Iw6300 Firmware" and version "017.006\(001\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst Iw6300 Search vendor "Cisco" for product "Catalyst Iw6300" | - | - |
Safe
|