← Back

CVE-2022-20683

nvd nist
Published: Apr 15, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition.

Affected (101)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
101 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
Version 16.10.1
Ios Xe
Version 16.10.1a
Ios Xe
Version 16.10.1b
Ios Xe
Version 16.10.1c
Ios Xe
Version 16.10.1d
Ios Xe
Version 16.10.1e
Ios Xe
Version 16.10.1f
Ios Xe
Version 16.10.1g
Ios Xe
Version 16.10.1s
Ios Xe
Version 16.10.2
Ios Xe
Version 16.10.3
Ios Xe
Version 16.11.1
Ios Xe
Version 16.11.1a
Ios Xe
Version 16.11.1b
Ios Xe
Version 16.11.1c
Ios Xe
Version 16.11.1s
Ios Xe
Version 16.11.2
Ios Xe
Version 16.12.1
Ios Xe
Version 16.12.1a
Ios Xe
Version 16.12.1c
Ios Xe
Version 16.12.1s
Ios Xe
Version 16.12.1t
Ios Xe
Version 16.12.1w
Ios Xe
Version 16.12.1x
Ios Xe
Version 16.12.1y
Ios Xe
Version 16.12.1z1
Ios Xe
Version 16.12.1z2
Ios Xe
Version 16.12.1z
Ios Xe
Version 16.12.2
Ios Xe
Version 16.12.2a
Ios Xe
Version 16.12.2s
Ios Xe
Version 16.12.2t
Ios Xe
Version 16.12.3
Ios Xe
Version 16.12.3a
Ios Xe
Version 16.12.3s
Ios Xe
Version 16.12.4
Ios Xe
Version 16.12.4a
Ios Xe
Version 16.12.5
Ios Xe
Version 16.12.5a
Ios Xe
Version 16.12.5b
Ios Xe
Version 16.12.6
Ios Xe
Version 16.12.6a
Ios Xe
Version 16.7.2
Ios Xe
Version 16.7.3
Ios Xe
Version 16.7.4
Ios Xe
Version 16.8.1
Ios Xe
Version 16.8.1a
Ios Xe
Version 16.8.1b
Ios Xe
Version 16.8.1c
Ios Xe
Version 16.8.1d
Ios Xe
Version 16.8.1e
Ios Xe
Version 16.8.1s
Ios Xe
Version 16.8.2
Ios Xe
Version 16.8.3
Ios Xe
Version 16.9.1
Ios Xe
Version 16.9.1a
Ios Xe
Version 16.9.1b
Ios Xe
Version 16.9.1c
Ios Xe
Version 16.9.1d
Ios Xe
Version 16.9.1s
Ios Xe
Version 16.9.2
Ios Xe
Version 16.9.2a
Ios Xe
Version 16.9.2s
Ios Xe
Version 16.9.3
Ios Xe
Version 16.9.3a
Ios Xe
Version 16.9.3h
Ios Xe
Version 16.9.3s
Ios Xe
Version 16.9.4
Ios Xe
Version 16.9.4c
Ios Xe
Version 16.9.5
Ios Xe
Version 16.9.5f
Ios Xe
Version 16.9.6
Ios Xe
Version 16.9.7
Ios Xe
Version 16.9.8
Ios Xe
Version 17.1.1
Ios Xe
Version 17.1.1a
Ios Xe
Version 17.1.1s
Ios Xe
Version 17.1.1t
Ios Xe
Version 17.1.2
Ios Xe
Version 17.1.3
Ios Xe
Version 17.2.1
Ios Xe
Version 17.2.1a
Ios Xe
Version 17.2.1r
Ios Xe
Version 17.2.1v
Ios Xe
Version 17.2.2
Ios Xe
Version 17.2.3
Ios Xe
Version 17.3.1
Ios Xe
Version 17.3.1a
Ios Xe
Version 17.3.1w
Ios Xe
Version 17.3.1x
Ios Xe
Version 17.3.1z
Ios Xe
Version 17.3.2
Ios Xe
Version 17.3.2a
Ios Xe
Version 17.4.1
Ios Xe
Version 17.4.1a
Ios Xe
Version 17.4.1b
Ios Xe
Version 17.4.1c
Ios Xe
Version 17.4.2
Ios Xe
Version 17.4.2a
Ios Xe
Version 3.15.1xbs
Ios Xe
Version 3.15.2xbs

Related CWEs

CWE-124
Buffer Underwrite ('Buffer Underflow')
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.