Strix
26.1K

CVE-2022-20728

MEDIUMCVSS 4.7/10EPSS 0.24%

Last modified

CVE-2022-20728 is a medium-severity vulnerability rated 4.7/10 on the CVSS scale. A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.

Metrics

CVSS 3.1
4.7/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS Probability
0.24%

15.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoAironet 1542d Firmware017.006\(001\)
CiscoAironet 1542i Firmware017.006\(001\)
CiscoAironet 1562i Firmware017.006\(001\)
CiscoAironet 1562e Firmware017.006\(001\)
CiscoAironet 1562d Firmware017.006\(001\)
CiscoAironet 1815i Firmware017.006\(001\)
CiscoAironet 1815m Firmware017.006\(001\)
CiscoAironet 1815t Firmware017.006\(001\)
CiscoAironet 1815w Firmware017.006\(001\)
CiscoAironet 1830 Firmware017.006\(001\)
CiscoAironet 1840 Firmware017.006\(001\)
CiscoAironet 1850e Firmware017.006\(001\)
CiscoAironet 1850i Firmware017.006\(001\)
CiscoAironet 2800i Firmware017.006\(001\)
CiscoAironet 2800e Firmware017.006\(001\)
CiscoAironet 3800i Firmware017.006\(001\)
CiscoAironet 3800e Firmware017.006\(001\)
CiscoAironet 3800p Firmware017.006\(001\)
CiscoAironet 4800 Firmware017.006\(001\)
CiscoCatalyst 9105ax Firmware017.006\(001\)
CiscoCatalyst 9115ax Firmware017.006\(001\)
CiscoCatalyst 9117ax Firmware017.006\(001\)
CiscoCatalyst 9120ax Firmware017.006\(001\)
CiscoCatalyst 9124ax Firmware017.006\(001\)
CiscoCatalyst 9130ax Firmware017.006\(001\)
CiscoCatalyst Iw6300 Firmware017.006\(001\)

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-20728?
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.
How severe is CVE-2022-20728?
CVE-2022-20728 has a CVSS score of 4.7/10 (MEDIUM severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.
How do I fix CVE-2022-20728?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-20728?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST