#VU67708 Improper access control in Cisco Systems, Inc products - CVE-2022-20728 

Published: September 27, 2022
Vulnerability identifier: #VU67708
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20728
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
6300 Series Embedded Services Access Points
Aironet 1800 Access Points
Aironet 4800 Access Points
Business 100 Series Access Points
Business 200 Series Access Points
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco Catalyst 9100
Catalyst IW6300 AC Heavy Duty Access Point
Integrated AP on 1100 Integrated Services Routers
Cisco Catalyst 9800 Wireless Controller
Cisco Wireless LAN Controller
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic error on the AP, which forwards packets destined to a wireless client if they are received on the native VLAN. A remote, non-authenticated attacker on the local network with access to the native VLAN can direct traffic to the client by addressing it with the client's MAC/IP combination, and as a result bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.
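To make the described logic error concrete, the following is an added illustrative model of the AP's forwarding decision; it is not Cisco's code and does not claim to reproduce the actual implementation. It assumes a trunk with an assumed native VLAN of 1 and a constructed client table (the MAC addresses, VLAN numbers and function names are assumptions). The vulnerable decision accepts a frame for a client when it arrives either on the client's VLAN or on the native VLAN, which is what lets native-VLAN traffic reach a client in a different VLAN; the corrected decision only accepts the client's own VLAN. The audit helper compares both decisions over a batch of frames so a defender can see exactly which frames would cross a VLAN boundary.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed native VLAN on the AP's uplink (untagged frames land here).
NATIVE_VLAN = 1


@dataclass(frozen=True)
class Client:
    mac: str
    vlan: int  # VLAN the wireless client is mapped to


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    vlan: int  # VLAN the frame is assigned on arrival (native VLAN if untagged)


# Constructed client table: a guest client on VLAN 20, a staff client on VLAN 30.
CLIENTS: Dict[str, Client] = {
    "aa:bb:cc:00:00:01": Client("aa:bb:cc:00:00:01", vlan=20),
    "aa:bb:cc:00:00:02": Client("aa:bb:cc:00:00:02", vlan=30),
}


def forward_vulnerable(frame: Frame, clients: Dict[str, Client],
                       native_vlan: int = NATIVE_VLAN) -> bool:
    """Model of the logic error: a frame addressed to a known client is
    forwarded when it arrives on the client's VLAN OR on the native VLAN.
    The second condition is the flaw; it ignores the client's VLAN mapping."""
    client = clients.get(frame.dst_mac)
    if client is None:
        return False
    return frame.vlan == client.vlan or frame.vlan == native_vlan


def forward_fixed(frame: Frame, clients: Dict[str, Client],
                  native_vlan: int = NATIVE_VLAN) -> bool:
    """Corrected decision: only the client's own VLAN may deliver to it.
    The native VLAN gets no special treatment."""
    client = clients.get(frame.dst_mac)
    if client is None:
        return False
    return frame.vlan == client.vlan


def vlan_crossings(frames: List[Frame], clients: Dict[str, Client],
                   native_vlan: int = NATIVE_VLAN) -> List[Frame]:
    """Audit helper: frames the vulnerable logic would deliver but the fixed
    logic drops, i.e. every frame that crosses a VLAN boundary."""
    return [f for f in frames
            if forward_vulnerable(f, clients, native_vlan)
            and not forward_fixed(f, clients, native_vlan)]


if __name__ == "__main__":
    sample = [
        Frame("aa:bb:cc:00:00:01", vlan=20),  # guest traffic on guest VLAN: legitimate
        Frame("aa:bb:cc:00:00:01", vlan=1),   # native-VLAN frame aimed at guest client
        Frame("aa:bb:cc:00:00:02", vlan=20),  # wrong VLAN for the staff client
        Frame("ff:ff:ff:00:00:99", vlan=1),   # unknown destination
    ]
    for f in vlan_crossings(sample, CLIENTS):
        print(f"VLAN boundary crossed: {f.dst_mac} reached from VLAN {f.vlan}")
```

The audit helper is what a regression test for this class of bug looks like: any frame it returns is a delivery that the client's VLAN assignment should have prevented.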
Remediation

Install updates from the vendor's website.

External links