CVE-2022-20684: Integer Overflow or Wraparound in Cisco IOS XE Software

Severity
6.5 MEDIUM NVD
CNA 7.4
EPSS
0.3%
top 48.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 15
Latest update: Apr 16

Description

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacke

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/ios_xe, 90 versions (+89)

🔴 Vulnerability Details

2
GHSA
GHSA-63hr-qgwf-hhqh: A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the (2022-04-16)
CVEList
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability (2022-04-15)

📋 Vendor Advisories

1
Cisco
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability (2022-04-13)