high
7.5
CWE
290
Advisory Published
Updated

CVE-2022-47522

First published: Sat Apr 15 2023(Updated: )

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Ieee Ieee 802.11
Sonicwall Tz670 Firmware
Sonicwall Tz670
Sonicwall Tz570 Firmware
Sonicwall Tz570
Sonicwall Tz570p Firmware
Sonicwall Tz570p
Sonicwall Tz570w Firmware
Sonicwall Tz570w
Sonicwall Tz470 Firmware
Sonicwall Tz470
Sonicwall Tz470w Firmware
Sonicwall Tz470w
Sonicwall Tz370 Firmware
Sonicwall Tz370
Sonicwall Tz370w Firmware
Sonicwall Tz370w
Sonicwall Tz270 Firmware
Sonicwall Tz270
Sonicwall Tz270w Firmware
Sonicwall Tz270w
Sonicwall Tz600 Firmware
Sonicwall Tz600
Sonicwall Tz600p Firmware
Sonicwall Tz600p
Sonicwall Tz500 Firmware
Sonicwall Tz500
Sonicwall Tz500w Firmware
Sonicwall Tz500w
Sonicwall Tz400 Firmware
Sonicwall Tz400
Sonicwall Tz400w Firmware
Sonicwall Tz400w
Sonicwall Tz350 Firmware
Sonicwall Tz350
Sonicwall Tz350w Firmware
Sonicwall Tz350w
Sonicwall Tz300 Firmware
Sonicwall Tz300
Sonicwall Tz300p Firmware
Sonicwall Tz300p
Sonicwall Tz300w Firmware
Sonicwall Tz300w
Sonicwall Soho 250 Firmware
Sonicwall Soho 250
Sonicwall Soho 250w Firmware
Sonicwall Soho 250w
Sonicwall Sonicwave 231c Firmware
Sonicwall Sonicwave 231c
Sonicwall Sonicwave 224w Firmware
Sonicwall Sonicwave 224w
Sonicwall Sonicwave 432o Firmware
Sonicwall Sonicwave 432o
Sonicwall Sonicwave 621 Firmware
Sonicwall Sonicwave 621
Sonicwall Sonicwave 641 Firmware
Sonicwall Sonicwave 641
Sonicwall Sonicwave 681 Firmware
Sonicwall Sonicwave 681

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-47522?

    CVE-2022-47522 is a vulnerability in the IEEE 802.11 specifications that allows physically proximate attackers to intercept target-destined frames.

  • How severe is CVE-2022-47522?

    CVE-2022-47522 has a severity rating of 7.5, which is considered high.

  • Which software is affected by CVE-2022-47522?

    The affected software includes IEEE 802.11 and Sonicwall TZ series firmware versions.

  • How can an attacker exploit CVE-2022-47522?

    An attacker can exploit CVE-2022-47522 by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point.

  • Are Sonicwall TZ series devices vulnerable to CVE-2022-47522?

    Yes, Sonicwall TZ series devices with vulnerable firmware versions are affected by CVE-2022-47522.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203