cnvd - cnvd-2022-55145

cnvd-2022-55145

Vulnerability from cnvd

Title

Cisco IOS XE Wireless Controller software拒绝服务漏洞

Description

Cisco IOS XE Wireless Controller software是美国思科（Cisco）公司的一个无线局域网控制器。提供一个管理网络功能 Cisco IOS XE Wireless Controller software存在拒绝服务漏洞，该漏洞源于未充分验证对封装多播DNS (mDNS) 查询的传入CAPWAP数据包，攻击者可利用该漏洞导致拒绝服务。

Severity

高

Patch Name

Cisco IOS XE Wireless Controller software拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-capwap-mdns-6PSn7gKU

Reference

https://vigilance.fr/vulnerability/Cisco-IOS-XE-denial-of-service-via-CAPWAP-38066

Impacted products

Name
Cisco Cisco IOS XE Wireless Controller software

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-20682",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-20682"
    }
  },
  "description": "Cisco IOS XE Wireless Controller software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u65e0\u7ebf\u5c40\u57df\u7f51\u63a7\u5236\u5668\u3002\u63d0\u4f9b\u4e00\u4e2a\u7ba1\u7406\u7f51\u7edc\u529f\u80fd\n\nCisco IOS XE Wireless Controller software\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u5145\u5206\u9a8c\u8bc1\u5bf9\u5c01\u88c5\u591a\u64adDNS (mDNS) \u67e5\u8be2\u7684\u4f20\u5165CAPWAP\u6570\u636e\u5305\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-capwap-mdns-6PSn7gKU",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-55145",
  "openTime": "2022-08-04",
  "patchDescription": "Cisco IOS XE Wireless Controller software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u65e0\u7ebf\u5c40\u57df\u7f51\u63a7\u5236\u5668\u3002\u63d0\u4f9b\u4e00\u4e2a\u7ba1\u7406\u7f51\u7edc\u529f\u80fd\r\n\r\nCisco IOS XE Wireless Controller software\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u5145\u5206\u9a8c\u8bc1\u5bf9\u5c01\u88c5\u591a\u64adDNS (mDNS) \u67e5\u8be2\u7684\u4f20\u5165CAPWAP\u6570\u636e\u5305\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS XE Wireless Controller software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Cisco IOS XE Wireless Controller software"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/Cisco-IOS-XE-denial-of-service-via-CAPWAP-38066",
  "serverity": "\u9ad8",
  "submitTime": "2022-04-15",
  "title": "Cisco IOS XE Wireless Controller software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2022-20682 (GCVE-0-2022-20682)

Vulnerability from cvelistv5

Published

2022-04-15 14:16

Modified

2024-11-06 16:25

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-690

Summary

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

References

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-capwap-mdns-6PSn7gKU

vendor-advisory, x_refsource_CISCO