First published: Sat Apr 15 2023(Updated: )
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ieee Ieee 802.11 | ||
Sonicwall Tz670 Firmware | ||
Sonicwall Tz670 | ||
Sonicwall Tz570 Firmware | ||
Sonicwall Tz570 | ||
Sonicwall Tz570p Firmware | ||
Sonicwall Tz570p | ||
Sonicwall Tz570w Firmware | ||
Sonicwall Tz570w | ||
Sonicwall Tz470 Firmware | ||
Sonicwall Tz470 | ||
Sonicwall Tz470w Firmware | ||
Sonicwall Tz470w | ||
Sonicwall Tz370 Firmware | ||
Sonicwall Tz370 | ||
Sonicwall Tz370w Firmware | ||
Sonicwall Tz370w | ||
Sonicwall Tz270 Firmware | ||
Sonicwall Tz270 | ||
Sonicwall Tz270w Firmware | ||
Sonicwall Tz270w | ||
Sonicwall Tz600 Firmware | ||
Sonicwall Tz600 | ||
Sonicwall Tz600p Firmware | ||
Sonicwall Tz600p | ||
Sonicwall Tz500 Firmware | ||
Sonicwall Tz500 | ||
Sonicwall Tz500w Firmware | ||
Sonicwall Tz500w | ||
Sonicwall Tz400 Firmware | ||
Sonicwall Tz400 | ||
Sonicwall Tz400w Firmware | ||
Sonicwall Tz400w | ||
Sonicwall Tz350 Firmware | ||
Sonicwall Tz350 | ||
Sonicwall Tz350w Firmware | ||
Sonicwall Tz350w | ||
Sonicwall Tz300 Firmware | ||
Sonicwall Tz300 | ||
Sonicwall Tz300p Firmware | ||
Sonicwall Tz300p | ||
Sonicwall Tz300w Firmware | ||
Sonicwall Tz300w | ||
Sonicwall Soho 250 Firmware | ||
Sonicwall Soho 250 | ||
Sonicwall Soho 250w Firmware | ||
Sonicwall Soho 250w | ||
Sonicwall Sonicwave 231c Firmware | ||
Sonicwall Sonicwave 231c | ||
Sonicwall Sonicwave 224w Firmware | ||
Sonicwall Sonicwave 224w | ||
Sonicwall Sonicwave 432o Firmware | ||
Sonicwall Sonicwave 432o | ||
Sonicwall Sonicwave 621 Firmware | ||
Sonicwall Sonicwave 621 | ||
Sonicwall Sonicwave 641 Firmware | ||
Sonicwall Sonicwave 641 | ||
Sonicwall Sonicwave 681 Firmware | ||
Sonicwall Sonicwave 681 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-47522 is a vulnerability in the IEEE 802.11 specifications that allows physically proximate attackers to intercept target-destined frames.
CVE-2022-47522 has a severity rating of 7.5, which is considered high.
The affected software includes IEEE 802.11 and Sonicwall TZ series firmware versions.
An attacker can exploit CVE-2022-47522 by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point.
Yes, Sonicwall TZ series devices with vulnerable firmware versions are affected by CVE-2022-47522.