All the vulnerabilites related to sonicwall - tz270w_firmware
Vulnerability from fkie_nvd
Published
2023-04-15 02:15
Modified
2024-11-21 07:32
Severity ?
Summary
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://papers.mathyvanhoef.com/usenix2023-wifi.pdf | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006 | Third Party Advisory | |
| cve@mitre.org | https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc | ||
| cve@mitre.org | https://www.wi-fi.org/discover-wi-fi/passpoint | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://papers.mathyvanhoef.com/usenix2023-wifi.pdf | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.wi-fi.org/discover-wi-fi/passpoint | Not Applicable |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA94FAA4-9BBF-402D-8B33-20A5E8AAFC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz670_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1EB82E-91D7-4197-B762-56A5578FA269",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz570_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "676DF3BF-7777-4FA9-8512-457FBA956F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz570p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9369143D-4BA5-4A36-9CB5-9DF28F5FD071",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz570w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30E4118D-750F-4CB0-A47D-420B85331515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz470_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46ED34C5-0DDC-4378-AC24-CC288FA6CC32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz470w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D2ED33A-7AE7-4EA1-B4D4-524B5B3538D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz370_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E504C1-4E34-4CA3-B5A8-44A02D53E1E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz370w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC5202E-61D9-405D-91BD-E6037DBCB71D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz270_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1023D6-D82F-4E09-97B8-F7A57D6F7686",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz270w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "885DFDA5-2DB8-471A-B694-CAD5BEA96944",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31F6D757-D0EF-4450-985F-49B78F436667",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3506950B-2404-41D2-8EF3-1694777D9EEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz600p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1114D0A0-516C-4A6D-B578-0D401C692542",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4C9916-AD16-4E31-90A6-2AD577EA9783",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F78C44-08CB-4AEF-AFEF-1ABCF62EF9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C09B5BCD-C830-4C67-B966-1CA499F21D04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz500w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDC97A-3D6E-4B9E-B7C7-1281EFD09B5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61303F-736E-411F-AEF3-6335C0795138",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEAA71F-6BD8-4FE4-844D-080AF7B61DDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D50B19A6-80C4-4FF7-9CD5-58938641D3DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz400w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70DDAC21-91E2-4C49-9AD4-0B35D930042B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "745643D6-9336-4FBE-9625-99599DFBB8A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz350_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E19E36-07EB-4FE7-B4CD-8C1E8C116A27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "479B1418-CA62-4B24-A5DB-21F488941754",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz350w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AC214A-ADA4-4607-B1CD-D0D8FA450F88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E0AB47-5EE3-4F2F-B442-DA48C58C44D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B16351E-5793-40FA-8B3E-CABF8F709E1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09678BBE-7603-41D2-BF09-415CA33C7EFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz300p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63F6B06B-8220-438D-BF43-97A33C07EE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7003DBEF-CA74-4429-B567-5CFFB83762E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:tz300w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBBB888A-F19B-4F7C-A2FD-01AA65F6FAD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8AC8EAE-99BE-4889-9978-5083F71D7178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:soho_250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9134E3-57D4-40C4-B268-B952F249AF7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:soho_250w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0687F825-6F19-4227-B5F3-5E9DD0D4621B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicwave_231c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64ABCFAF-DB16-4EF1-98EC-DB7E5E757DC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sonicwave_231c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57028B23-5593-4442-A746-2A248DEFB4EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicwave_224w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B840890-AC02-457D-9E67-FEC07EFEAE25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sonicwave_224w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "911B549B-AA18-4018-8E9B-A46D032A7AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicwave_432o_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "390D6FCD-3D04-4DFD-B8B6-DF2CD6E44087",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sonicwave_432o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45DE092E-A5B8-41B4-AF99-897E1F18DF1C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicwave_621_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B3BB5E-325A-4B70-9209-253B18EF56EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sonicwave_621:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD8FCD1-9A77-4120-A2EB-E2D8C7E7E006",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicwave_641_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0869CE-BF47-4243-96FD-CD51AC751CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sonicwave_641:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CBFB2F-1BC7-411C-824F-6240CF289905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicwave_681_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4134FE2-6A7D-41C9-A214-2CE0A59FC23D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sonicwave_681:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDECE3D2-594C-4FC7-BC65-7813F7446B14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target\u0027s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target\u0027s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client\u0027s pairwise encryption key."
}
],
"id": "CVE-2022-47522",
"lastModified": "2024-11-21T07:32:08.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-15T02:15:07.290",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://papers.mathyvanhoef.com/usenix2023-wifi.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006"
},
{
"source": "cve@mitre.org",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://www.wi-fi.org/discover-wi-fi/passpoint"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://papers.mathyvanhoef.com/usenix2023-wifi.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.wi-fi.org/discover-wi-fi/passpoint"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-47522
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2024-08-03 14:55
Severity ?
EPSS score ?
Summary
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:55:08.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wi-fi.org/discover-wi-fi/passpoint"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006"
},
{
"tags": [
"x_transferred"
],
"url": "https://papers.mathyvanhoef.com/usenix2023-wifi.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target\u0027s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target\u0027s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client\u0027s pairwise encryption key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T05:52:20.794361",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.wi-fi.org/discover-wi-fi/passpoint"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006"
},
{
"url": "https://papers.mathyvanhoef.com/usenix2023-wifi.pdf"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47522",
"datePublished": "2023-04-15T00:00:00",
"dateReserved": "2022-12-18T00:00:00",
"dateUpdated": "2024-08-03T14:55:08.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}