CVE-2022-20810 - Vulnerability Details

CVE-2022-20810 - Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Catalyst 9800 Catalyst 9800-40 Catalyst 9800-40 Wireless Controller Catalyst 9800-80 Catalyst 9800-80 Wireless Controller Catalyst 9800-cl Catalyst 9800-l Catalyst 9800-l-c Catalyst 9800-l-f Catalyst 9800 Embedded Wireless Controller Ios Xe

Configuration 1 [-]

AND

cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_9800:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40_wireless_controller:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80_wireless_controller:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800_embedded_wireless_controller:-:::::::*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ

History

Fri, 01 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-09-30T18:45:31.529834Z

Updated: 2024-11-01T18:51:30.065Z

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20810

Vulnrichment

Updated: 2024-08-03T02:24:49.984Z

NVD

Status : Modified

Published: 2022-09-30T19:15:11.703

Modified: 2024-11-21T06:43:36.007

Link: CVE-2022-20810

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object