CVE-2022-20728: Cisco Access Points VLAN Bypass from Native VLAN Vulnerability
First published: Fri Sep 30 2022(Updated: )
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| cisco aironet 1542d firmware | =017.006\(001\) | |
| Cisco Aironet 1542d | ||
| cisco aironet 1542i firmware | =017.006\(001\) | |
| Cisco Aironet 1542i | ||
| Cisco Aironet 1562 firmware | =017.006\(001\) | |
| Cisco Aironet 1562 firmware | ||
| Cisco Aironet 1562E | =017.006\(001\) | |
| Cisco Aironet 1562E Firmware | ||
| Cisco Aironet 1562 firmware | =017.006\(001\) | |
| Cisco Aironet 1562 firmware | ||
| Cisco Aironet 1815i | =017.006\(001\) | |
| Cisco Aironet 1815i | ||
| Cisco Aironet 1815M Firmware | =017.006\(001\) | |
| Cisco Aironet 1815M Firmware | ||
| Cisco Aironet 1815T Firmware | =017.006\(001\) | |
| Cisco Aironet 1815T Firmware | ||
| Cisco Aironet 1815W Firmware | =017.006\(001\) | |
| Cisco Aironet 1815W Firmware | ||
| Cisco Aironet 1830i Firmware | =017.006\(001\) | |
| Cisco Aironet 1830i Firmware | ||
| Cisco Aironet 1840i Firmware | =017.006\(001\) | |
| Cisco Aironet 1840i Firmware | ||
| Cisco Aironet 1850E Firmware | =017.006\(001\) | |
| Cisco Aironet 1850E Firmware | ||
| Cisco Aironet 1850i Firmware | =017.006\(001\) | |
| Cisco Aironet 1850i Firmware | ||
| cisco aironet 2800i firmware | =017.006\(001\) | |
| Cisco Aironet 2800i | ||
| cisco aironet 2800e firmware | =017.006\(001\) | |
| Cisco Aironet 2800e | ||
| cisco aironet 3800i firmware | =017.006\(001\) | |
| Cisco Aironet 3800i | ||
| Cisco Aironet 3800E Firmware | =017.006\(001\) | |
| Cisco Aironet 3800E Firmware | ||
| Cisco Aironet 3800P Firmware | =017.006\(001\) | |
| Cisco Aironet 3800P Firmware | ||
| Cisco Aironet 4800 Firmware | =017.006\(001\) | |
| Cisco Aironet 4800 Firmware | ||
| Cisco Catalyst 9105AX Firmware | =017.006\(001\) | |
| Cisco Catalyst 9105AXW | ||
| Cisco Catalyst 9115AX | =017.006\(001\) | |
| Cisco Catalyst 9115axe | ||
| Cisco Catalyst 9117AX Firmware | =017.006\(001\) | |
| Cisco Catalyst 9117AX Firmware | ||
| Cisco Catalyst 9120AXE Firmware | =017.006\(001\) | |
| Cisco Catalyst 9120AX Firmware | ||
| Cisco Catalyst 9124AXI Firmware | =017.006\(001\) | |
| Cisco Catalyst 9124 | ||
| Cisco Catalyst 9130AX Firmware | =017.006\(001\) | |
| Cisco Catalyst 9130AXE | ||
| Cisco Catalyst IW6300 Firmware | =017.006\(001\) | |
| Cisco Catalyst IW6300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-20728?
CVE-2022-20728 is a vulnerability in the client forwarding code of multiple Cisco Access Points (APs) that allows an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs.
How does CVE-2022-20728 affect Cisco Access Points?
CVE-2022-20728 affects multiple Cisco Access Points (APs) by allowing an attacker to inject packets from the native VLAN to clients within nonnative VLANs.
What is the severity of CVE-2022-20728?
CVE-2022-20728 has a severity rating of 4.7 out of 10, which is considered medium severity.
How can I fix CVE-2022-20728?
To fix CVE-2022-20728, Cisco has released a software update. Please refer to the Cisco Security Advisory for specific instructions.
Where can I find more information about CVE-2022-20728?
You can find more information about CVE-2022-20728 in the Cisco Security Advisory.
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco aironet 1542d firmware
- version/cisco aironet 1542d firmware/017.006\(001\)
- canonical/cisco aironet 1542d
- canonical/cisco aironet 1542i firmware
- version/cisco aironet 1542i firmware/017.006\(001\)
- canonical/cisco aironet 1542i
- canonical/cisco aironet 1562 firmware
- version/cisco aironet 1562 firmware/017.006\(001\)
- canonical/cisco aironet 1562e
- version/cisco aironet 1562e/017.006\(001\)
- canonical/cisco aironet 1562e firmware
- canonical/cisco aironet 1815i
- version/cisco aironet 1815i/017.006\(001\)
- canonical/cisco aironet 1815m firmware
- version/cisco aironet 1815m firmware/017.006\(001\)
- canonical/cisco aironet 1815t firmware
- version/cisco aironet 1815t firmware/017.006\(001\)
- canonical/cisco aironet 1815w firmware
- version/cisco aironet 1815w firmware/017.006\(001\)
- canonical/cisco aironet 1830i firmware
- version/cisco aironet 1830i firmware/017.006\(001\)
- canonical/cisco aironet 1840i firmware
- version/cisco aironet 1840i firmware/017.006\(001\)
- canonical/cisco aironet 1850e firmware
- version/cisco aironet 1850e firmware/017.006\(001\)
- canonical/cisco aironet 1850i firmware
- version/cisco aironet 1850i firmware/017.006\(001\)
- canonical/cisco aironet 2800i firmware
- version/cisco aironet 2800i firmware/017.006\(001\)
- canonical/cisco aironet 2800i
- canonical/cisco aironet 2800e firmware
- version/cisco aironet 2800e firmware/017.006\(001\)
- canonical/cisco aironet 2800e
- canonical/cisco aironet 3800i firmware
- version/cisco aironet 3800i firmware/017.006\(001\)
- canonical/cisco aironet 3800i
- canonical/cisco aironet 3800e firmware
- version/cisco aironet 3800e firmware/017.006\(001\)
- canonical/cisco aironet 3800p firmware
- version/cisco aironet 3800p firmware/017.006\(001\)
- canonical/cisco aironet 4800 firmware
- version/cisco aironet 4800 firmware/017.006\(001\)
- canonical/cisco catalyst 9105ax firmware
- version/cisco catalyst 9105ax firmware/017.006\(001\)
- canonical/cisco catalyst 9105axw
- canonical/cisco catalyst 9115ax
- version/cisco catalyst 9115ax/017.006\(001\)
- canonical/cisco catalyst 9115axe
- canonical/cisco catalyst 9117ax firmware
- version/cisco catalyst 9117ax firmware/017.006\(001\)
- canonical/cisco catalyst 9120axe firmware
- version/cisco catalyst 9120axe firmware/017.006\(001\)
- canonical/cisco catalyst 9120ax firmware
- canonical/cisco catalyst 9124axi firmware
- version/cisco catalyst 9124axi firmware/017.006\(001\)
- canonical/cisco catalyst 9124
- canonical/cisco catalyst 9130ax firmware
- version/cisco catalyst 9130ax firmware/017.006\(001\)
- canonical/cisco catalyst 9130axe
- canonical/cisco catalyst iw6300 firmware
- version/cisco catalyst iw6300 firmware/017.006\(001\)
- canonical/cisco catalyst iw6300