CVE-2022-47522

HIGH | CVSS 7.5/10 | EPSS 0.90%

Last modified

CVE-2022-47522 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. EPSS estimates a 0.90% chance of exploitation in the next 30 days.

Description

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.90%

55.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Ieee | Ieee 802.11 | All versions
Sonicwall | Tz670 Firmware | All versions
Sonicwall | Tz570 Firmware | All versions
Sonicwall | Tz570p Firmware | All versions
Sonicwall | Tz570w Firmware | All versions
Sonicwall | Tz470 Firmware | All versions
Sonicwall | Tz470w Firmware | All versions
Sonicwall | Tz370 Firmware | All versions
Sonicwall | Tz370w Firmware | All versions
Sonicwall | Tz270 Firmware | All versions
Sonicwall | Tz270w Firmware | All versions
Sonicwall | Tz600 Firmware | All versions
Sonicwall | Tz600p Firmware | All versions
Sonicwall | Tz500 Firmware | All versions
Sonicwall | Tz500w Firmware | All versions
Sonicwall | Tz400 Firmware | All versions
Sonicwall | Tz400w Firmware | All versions
Sonicwall | Tz350 Firmware | All versions
Sonicwall | Tz350w Firmware | All versions
Sonicwall | Tz300 Firmware | All versions
Sonicwall | Tz300p Firmware | All versions
Sonicwall | Tz300w Firmware | All versions
Sonicwall | Soho 250 Firmware | All versions
Sonicwall | Soho 250w Firmware | All versions
Sonicwall | Sonicwave 231c Firmware | All versions
Sonicwall | Sonicwave 224w Firmware | All versions
Sonicwall | Sonicwave 432o Firmware | All versions
Sonicwall | Sonicwave 621 Firmware | All versions
Sonicwall | Sonicwave 641 Firmware | All versions
Sonicwall | Sonicwave 681 Firmware | All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-47522?
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
How severe is CVE-2022-47522?
CVE-2022-47522 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.90% probability of exploitation in the next 30 days.
How do I fix CVE-2022-47522?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST