Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family denial of service | CVE-2022-20682
NAME
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family denial of service
- Platforms Affected:
  - Cisco Catalyst 9800 Series Wireless Controllers
  - Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300 Series Switches
  - Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9400 Series Switches
  - Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9500 Series Switches
  - Cisco Catalyst 9800-CL Wireless Controllers for Cloud
  - Cisco Embedded Wireless Controllers on Catalyst Access Points
- Risk Level: 8.6
- Exploitability: Unproven
- Consequences: Denial of Service
DESCRIPTION
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family is vulnerable to a denial of service, caused by inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. By connecting to a wireless network and sending a crafted mDNS query, a remote attacker could exploit this vulnerability to cause the device to crash and reload.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Cisco Security Advisory cisco-sa-c9800-capwap-mdns-6PSn7gKU for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-capwap-mdns-6PSn7gKU
- Reference Link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20682