cisco aironet-access-point-software CVE-2022-20622 is a vulnerability in Cisco Aironet Access Point Software
Published on April 15, 2022

Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2022-20622 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.


Products Associated with CVE-2022-20622

Want to know whenever a new CVE is published for Cisco Aironet Access Point Software? stack.watch will email you.

Cisco Aironet Access Point Software
 

Affected Versions

Cisco Aironet Access Point Software Version n/a is affected by CVE-2022-20622

Exploit Probability

EPSS
1.88%
Percentile
83.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.