CVE-2022-20728: Cisco Access Points VLAN Bypass from Native VLAN Vulnerability

First published: Fri Sep 30 2022(Updated: )

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.

Credit: ykramarz@cisco.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/weakness
• agent/author
• agent/references
• agent/description
• agent/severity
• agent/title
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/first-publish-date
• agent/event
• agent/source
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• agent/softwarecombine
• vendor/cisco
• canonical/cisco aironet 1542d
• version/cisco aironet 1542d/017.006\(001\)
• canonical/cisco aironet 1542i firmware
• version/cisco aironet 1542i firmware/017.006\(001\)
• canonical/cisco aironet 1562 firmware
• version/cisco aironet 1562 firmware/017.006\(001\)
• canonical/cisco aironet 1562e
• version/cisco aironet 1562e/017.006\(001\)
• canonical/cisco aironet 1562e firmware
• canonical/cisco aironet 1815 firmware
• version/cisco aironet 1815 firmware/017.006\(001\)
• canonical/cisco aironet 1830i firmware
• version/cisco aironet 1830i firmware/017.006\(001\)
• canonical/cisco aironet 1840i firmware
• version/cisco aironet 1840i firmware/017.006\(001\)
• canonical/cisco aironet 1850e firmware
• version/cisco aironet 1850e firmware/017.006\(001\)
• canonical/cisco aironet 1850e access point
• canonical/cisco aironet 1850i firmware
• version/cisco aironet 1850i firmware/017.006\(001\)
• canonical/cisco aironet 1850i access point
• canonical/cisco aironet 2800 firmware
• version/cisco aironet 2800 firmware/017.006\(001\)
• canonical/cisco aironet 2800e firmware
• version/cisco aironet 2800e firmware/017.006\(001\)
• canonical/cisco aironet 3800 firmware
• version/cisco aironet 3800 firmware/017.006\(001\)
• canonical/cisco aironet 3800e firmware
• canonical/cisco aironet 3800p firmware
• canonical/cisco aironet 4800 firmware
• version/cisco aironet 4800 firmware/017.006\(001\)
• canonical/cisco catalyst 9105 firmware
• version/cisco catalyst 9105 firmware/017.006\(001\)
• canonical/cisco catalyst 9115ax
• version/cisco catalyst 9115ax/017.006\(001\)
• canonical/cisco catalyst 9115 ap firmware
• canonical/cisco catalyst 9117 firmware
• version/cisco catalyst 9117 firmware/017.006\(001\)
• canonical/cisco catalyst 9117ax firmware
• canonical/cisco catalyst 9120 firmware
• version/cisco catalyst 9120 firmware/017.006\(001\)
• canonical/cisco catalyst 9124 firmware
• version/cisco catalyst 9124 firmware/017.006\(001\)
• canonical/cisco catalyst 9130 firmware
• version/cisco catalyst 9130 firmware/017.006\(001\)
• canonical/cisco catalyst iw6300 dc firmware
• version/cisco catalyst iw6300 dc firmware/017.006\(001\)
• canonical/cisco catalyst iw6300 ac firmware