CVE-2022-20728

Cisco Access Points VLAN Bypass from Native VLAN Vulnerability

Severity Score

4.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.

*Credits: N/A
CVSS Scores
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: None
  • Integrity: Low
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2021-11-02 CVE Reserved
  • 2022-09-30 CVE Published
  • 2024-04-19 EPSS Updated
  • 2024-11-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Cisco | Aironet 1542d Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1542d | - | - | Safe |
| Cisco | Aironet 1542i Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1542i | - | - | Safe |
| Cisco | Aironet 1562i Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1562i | - | - | Safe |
| Cisco | Aironet 1562e Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1562e | - | - | Safe |
| Cisco | Aironet 1562d Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1562d | - | - | Safe |
| Cisco | Aironet 1815i Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1815i | - | - | Safe |
| Cisco | Aironet 1815m Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1815m | - | - | Safe |
| Cisco | Aironet 1815t Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1815t | - | - | Safe |
| Cisco | Aironet 1815w Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1815w | - | - | Safe |
| Cisco | Aironet 1830 Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1830 | - | - | Safe |
| Cisco | Aironet 1840 Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1840 | - | - | Safe |
| Cisco | Aironet 1850e Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1850e | - | - | Safe |
| Cisco | Aironet 1850i Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 1850i | - | - | Safe |
| Cisco | Aironet 2800i Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 2800i | - | - | Safe |
| Cisco | Aironet 2800e Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 2800e | - | - | Safe |
| Cisco | Aironet 3800i Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 3800i | - | - | Safe |
| Cisco | Aironet 3800e Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 3800e | - | - | Safe |
| Cisco | Aironet 3800p Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 3800p | - | - | Safe |
| Cisco | Aironet 4800 Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Aironet 4800 | - | - | Safe |
| Cisco | Catalyst 9105ax Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Catalyst 9105ax | - | - | Safe |
| Cisco | Catalyst 9115ax Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Catalyst 9115ax | - | - | Safe |
| Cisco | Catalyst 9117ax Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Catalyst 9117ax | - | - | Safe |
| Cisco | Catalyst 9120ax Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Catalyst 9120ax | - | - | Safe |
| Cisco | Catalyst 9124ax Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Catalyst 9124ax | - | - | Safe |
| Cisco | Catalyst 9130ax Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Catalyst 9130ax | - | - | Safe |
| Cisco | Catalyst Iw6300 Firmware | 017.006\(001\) | - | Affected |
| in Cisco | Catalyst Iw6300 | - | - | Safe |