CVE-2022-20769 (CNNVD-202209-2867)
中文标题:
Cisco Wireless LAN Controller 缓冲区错误漏洞
英文标题:
Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability
漏洞描述
中文描述:
Cisco Wireless LAN Controller(WLC)是美国思科(Cisco)公司的一款无线局域网控制器产品。该产品在无线局域网中提供安全策略、入侵检测等功能。 Cisco Wireless LAN Controller (WLC) AireOS Software存在缓冲区错误漏洞,该漏洞源于身份验证功能中存在问题,该漏洞可能允许未经身份验证的相邻攻击者在受影响的设备上造成拒绝服务(DoS)。
英文描述:
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Wireless LAN Controller (WLC) | n/a | - | - |
cpe:2.3:a:cisco:cisco_wireless_lan_controller_(wlc):n_a:*:*:*:*:*:*:*
|
| cisco | wireless_lan_controller_software | * | - | - |
cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2022-20769 |
2025-11-11 15:21:15 | 2025-11-11 07:37:15 |
| NVD | nvd_CVE-2022-20769 |
2025-11-11 14:58:25 | 2025-11-11 07:45:32 |
| CNNVD | cnnvd_CNNVD-202209-2867 |
2025-11-11 15:11:01 | 2025-11-11 07:57:33 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 缓冲区错误
- cnnvd_id: 未提取 -> CNNVD-202209-2867
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']