CVE-2022-20810

Published: Sep 30, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.

Affected (1)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	All versions

Running on/with	Platform Versions
Cisco Catalyst 9800	All versions
Cisco Catalyst 9800 40	All versions
Cisco Catalyst 9800 40 Wireless Controller	All versions
Cisco Catalyst 9800 80	All versions
Cisco Catalyst 9800 80 Wireless Controller	All versions
Cisco Catalyst 9800 Cl	All versions
Cisco Catalyst 9800 L	All versions
Cisco Catalyst 9800 L C	All versions
Cisco Catalyst 9800 L F	All versions
Cisco Catalyst 9800 Embedded Wireless Controller	All versions

Related CWEs

CWE-202

Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.