cisco-sa-apvlan-TDTtb4FY: Cisco Access Points VLAN Bypass from Native VLAN Vulnerability
First published: Tue Sep 27 2022(Updated: )
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apvlan-TDTtb4FY
Credit: This vulnerability was found by Javier Contreras Cisco during internal security testing
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Wireless LAN Controller Software | >=8.5 and earlier<=8.10<8.10.181.0 | 8.10.181.0 |
| Cisco Catalyst 9800 Wireless Controller Software | >=17.4=17.5<=17.6<17.6.2>=17.2 and earlier<=17.3<Migrate to 17.3.6 and apply APSP patch (APSP patch no. TBD) | 17.6.2 Migrate to 17.3.6 and apply APSP patch (APSP patch no. TBD) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Cisco vulnerability?
The vulnerability ID is cisco-sa-apvlan-TDTtb4FY.
What is the severity of the Cisco Access Points VLAN Bypass from Native VLAN Vulnerability?
The severity of this vulnerability is medium with a CVSS score of 4.7.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by injecting packets from the native VLAN to clients within nonnative VLANs on an affected Cisco Access Point.
Which Cisco products are affected by this vulnerability?
This vulnerability affects Cisco Wireless LAN Controller Software versions 8.5 and earlier up to 8.10.181.0, and Cisco Catalyst 9800 Wireless Controller Software versions 17.2 and earlier up to 17.6.2.
How can I fix the Cisco Access Points VLAN Bypass from Native VLAN Vulnerability?
To fix this vulnerability, upgrade to Cisco Wireless LAN Controller Software version 8.10.181.0 or later, or migrate to Cisco Catalyst 9800 Wireless Controller Software version 17.3.6 and apply the APSP patch (APSP patch no. TBD).
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/tags
- agent/author
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco wireless lan controller software
- version/cisco wireless lan controller software/8.5 and earlier
- version/cisco wireless lan controller software/8.10
- canonical/cisco catalyst 9800 wireless controller software
- version/cisco catalyst 9800 wireless controller software/17.4
- version/cisco catalyst 9800 wireless controller software/17.5
- version/cisco catalyst 9800 wireless controller software/17.6
- version/cisco catalyst 9800 wireless controller software/17.2 and earlier
- version/cisco catalyst 9800 wireless controller software/17.3