CVE-2022-20945

CVE Database · CVE-2022-20945

CVE-2022-20945

· HIGHModified

CVSS v3.1

7.4

EPSS

0.43%

Published

Sep 30, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-120CWE-20

Affected Products (8)

cisco · catalyst_9800-l_firmware (up to 17.6.4)vulnerable

cisco · catalyst_9800-l

cisco · catalyst_9800-40_firmware (up to 17.6.4)vulnerable

cisco · catalyst_9800-40

cisco · catalyst_9800-80_firmware (up to 17.6.4)vulnerable

cisco · catalyst_9800-80

cisco · catalyst_9800-cl_firmware (up to 17.6.4)vulnerable