CVE-2022-20622

CVE-2022-20622 PUBLISHED CVSS 8.6 HIGH

A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload.

EPSS 1.88% · 83.5th percentile

Risk Scores

CVSS 3.1
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
1.88%
83.5th percentile

Affected Products

Vendor | Product | Versions
cisco | aironet_access_point_software | 17.3, 17.4
Cisco | Cisco Aironet Access Point Software | n/a

Timeline

  • Apr 14, 2022 CVE Published
  • Apr 16, 2022 EPSS Score
  • Jun 5, 2022 EPSS Score
  • Jul 26, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
  • Dec 24, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 12, 2023 EPSS Score
  • Aug 31, 2023 EPSS Score
  • Oct 21, 2023 EPSS Score
