CVE-2022-20728: Cisco Access Points VLAN Bypass from Native VLAN Vulnerability
First published: Tue Sep 27 2022(Updated: )
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Aironet 1542d Firmware | =017.006\(001\) | |
| Cisco Aironet 1542d | ||
| Cisco Aironet 1542i Firmware | =017.006\(001\) | |
| Cisco Aironet 1542i | ||
| Cisco Aironet 1562i Firmware | =017.006\(001\) | |
| Cisco Aironet 1562i | ||
| Cisco Aironet 1562e Firmware | =017.006\(001\) | |
| Cisco Aironet 1562e | ||
| Cisco Aironet 1562d Firmware | =017.006\(001\) | |
| Cisco Aironet 1562d | ||
| Cisco Aironet 1815i Firmware | =017.006\(001\) | |
| Cisco Aironet 1815i | ||
| Cisco Aironet 1815m Firmware | =017.006\(001\) | |
| Cisco Aironet 1815m | ||
| Cisco Aironet 1815t Firmware | =017.006\(001\) | |
| Cisco Aironet 1815t | ||
| Cisco Aironet 1815w Firmware | =017.006\(001\) | |
| Cisco Aironet 1815w | ||
| Cisco Aironet 1830 Firmware | =017.006\(001\) | |
| Cisco Aironet 1830 | ||
| Cisco Aironet 1840 Firmware | =017.006\(001\) | |
| Cisco Aironet 1840 | ||
| Cisco Aironet 1850e Firmware | =017.006\(001\) | |
| Cisco Aironet 1850e | ||
| Cisco Aironet 1850i Firmware | =017.006\(001\) | |
| Cisco Aironet 1850i | ||
| Cisco Aironet 2800i Firmware | =017.006\(001\) | |
| Cisco Aironet 2800i | ||
| Cisco Aironet 2800e Firmware | =017.006\(001\) | |
| Cisco Aironet 2800e | ||
| Cisco Aironet 3800i Firmware | =017.006\(001\) | |
| Cisco Aironet 3800i | ||
| Cisco Aironet 3800e Firmware | =017.006\(001\) | |
| Cisco Aironet 3800e | ||
| Cisco Aironet 3800p Firmware | =017.006\(001\) | |
| Cisco Aironet 3800p | ||
| Cisco Aironet 4800 Firmware | =017.006\(001\) | |
| Cisco Aironet 4800 | ||
| Cisco Catalyst 9105ax Firmware | =017.006\(001\) | |
| Cisco Catalyst 9105ax | ||
| Cisco Catalyst 9115ax Firmware | =017.006\(001\) | |
| Cisco Catalyst 9115ax | ||
| Cisco Catalyst 9117ax Firmware | =017.006\(001\) | |
| Cisco Catalyst 9117ax | ||
| Cisco Catalyst 9120ax Firmware | =017.006\(001\) | |
| Cisco Catalyst 9120ax | ||
| Cisco Catalyst 9124ax Firmware | =017.006\(001\) | |
| Cisco Catalyst 9124ax | ||
| Cisco Catalyst 9130ax Firmware | =017.006\(001\) | |
| Cisco Catalyst 9130ax | ||
| Cisco Catalyst Iw6300 Firmware | =017.006\(001\) | |
| Cisco Catalyst Iw6300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-20728?
CVE-2022-20728 is a vulnerability in the client forwarding code of multiple Cisco Access Points (APs) that allows an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs.
How does CVE-2022-20728 affect Cisco Access Points?
CVE-2022-20728 affects multiple Cisco Access Points (APs) by allowing an attacker to inject packets from the native VLAN to clients within nonnative VLANs.
What is the severity of CVE-2022-20728?
CVE-2022-20728 has a severity rating of 4.7 out of 10, which is considered medium severity.
How can I fix CVE-2022-20728?
To fix CVE-2022-20728, Cisco has released a software update. Please refer to the Cisco Security Advisory for specific instructions.
Where can I find more information about CVE-2022-20728?
You can find more information about CVE-2022-20728 in the Cisco Security Advisory.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco aironet 1542d firmware
- version/cisco aironet 1542d firmware/017.006\(001\)
- canonical/cisco aironet 1542d
- canonical/cisco aironet 1542i firmware
- version/cisco aironet 1542i firmware/017.006\(001\)
- canonical/cisco aironet 1542i
- canonical/cisco aironet 1562i firmware
- version/cisco aironet 1562i firmware/017.006\(001\)
- canonical/cisco aironet 1562i
- canonical/cisco aironet 1562e firmware
- version/cisco aironet 1562e firmware/017.006\(001\)
- canonical/cisco aironet 1562e
- canonical/cisco aironet 1562d firmware
- version/cisco aironet 1562d firmware/017.006\(001\)
- canonical/cisco aironet 1562d
- canonical/cisco aironet 1815i firmware
- version/cisco aironet 1815i firmware/017.006\(001\)
- canonical/cisco aironet 1815i
- canonical/cisco aironet 1815m firmware
- version/cisco aironet 1815m firmware/017.006\(001\)
- canonical/cisco aironet 1815m
- canonical/cisco aironet 1815t firmware
- version/cisco aironet 1815t firmware/017.006\(001\)
- canonical/cisco aironet 1815t
- canonical/cisco aironet 1815w firmware
- version/cisco aironet 1815w firmware/017.006\(001\)
- canonical/cisco aironet 1815w
- canonical/cisco aironet 1830 firmware
- version/cisco aironet 1830 firmware/017.006\(001\)
- canonical/cisco aironet 1830
- canonical/cisco aironet 1840 firmware
- version/cisco aironet 1840 firmware/017.006\(001\)
- canonical/cisco aironet 1840
- canonical/cisco aironet 1850e firmware
- version/cisco aironet 1850e firmware/017.006\(001\)
- canonical/cisco aironet 1850e
- canonical/cisco aironet 1850i firmware
- version/cisco aironet 1850i firmware/017.006\(001\)
- canonical/cisco aironet 1850i
- canonical/cisco aironet 2800i firmware
- version/cisco aironet 2800i firmware/017.006\(001\)
- canonical/cisco aironet 2800i
- canonical/cisco aironet 2800e firmware
- version/cisco aironet 2800e firmware/017.006\(001\)
- canonical/cisco aironet 2800e
- canonical/cisco aironet 3800i firmware
- version/cisco aironet 3800i firmware/017.006\(001\)
- canonical/cisco aironet 3800i
- canonical/cisco aironet 3800e firmware
- version/cisco aironet 3800e firmware/017.006\(001\)
- canonical/cisco aironet 3800e
- canonical/cisco aironet 3800p firmware
- version/cisco aironet 3800p firmware/017.006\(001\)
- canonical/cisco aironet 3800p
- canonical/cisco aironet 4800 firmware
- version/cisco aironet 4800 firmware/017.006\(001\)
- canonical/cisco aironet 4800
- canonical/cisco catalyst 9105ax firmware
- version/cisco catalyst 9105ax firmware/017.006\(001\)
- canonical/cisco catalyst 9105ax
- canonical/cisco catalyst 9115ax firmware
- version/cisco catalyst 9115ax firmware/017.006\(001\)
- canonical/cisco catalyst 9115ax
- canonical/cisco catalyst 9117ax firmware
- version/cisco catalyst 9117ax firmware/017.006\(001\)
- canonical/cisco catalyst 9117ax
- canonical/cisco catalyst 9120ax firmware
- version/cisco catalyst 9120ax firmware/017.006\(001\)
- canonical/cisco catalyst 9120ax
- canonical/cisco catalyst 9124ax firmware
- version/cisco catalyst 9124ax firmware/017.006\(001\)
- canonical/cisco catalyst 9124ax
- canonical/cisco catalyst 9130ax firmware
- version/cisco catalyst 9130ax firmware/017.006\(001\)
- canonical/cisco catalyst 9130ax
- canonical/cisco catalyst iw6300 firmware
- version/cisco catalyst iw6300 firmware/017.006\(001\)
- canonical/cisco catalyst iw6300