VDB

CVE-2022-20682

CVE-2022-20682 PUBLISHED CVSS 8.600000381469727 HIGH

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

EPSS 0.96% · 76.8th percentile

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.96%
76.8th percentile

Affected Products

VendorProductVersions
ciscoios_xe3.15.1xbs, 3.15.2xbs, 16.11.1
CiscoCisco IOS XE Softwaren/a

Exploit Intelligence

Timeline

  • Apr 14, 2022 CVE Published
  • Apr 16, 2022 EPSS Score
  • Jun 5, 2022 EPSS Score
  • Jul 26, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
  • Dec 24, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 23, 2023 EPSS Score
  • Aug 31, 2023 EPSS Score
  • Oct 21, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›