cve-2022-20810
Vulnerability from cvelistv5
Published
2022-09-30 18:45
Modified
2024-11-01 18:51
Severity ?
EPSS score ?
Summary
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cisco | Cisco IOS XE Software |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220928 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T18:40:32.554119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T18:51:30.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-202",
"description": "CWE-202",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-30T18:45:31",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220928 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ"
}
],
"source": {
"advisory": "cisco-sa-cwlc-snmpidv-rnyyQzUZ",
"defect": [
[
"CSCvz99497"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-09-28T23:00:00",
"ID": "CVE-2022-20810",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-202"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220928 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ"
}
]
},
"source": {
"advisory": "cisco-sa-cwlc-snmpidv-rnyyQzUZ",
"defect": [
[
"CSCvz99497"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20810",
"datePublished": "2022-09-30T18:45:31.529834Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-01T18:51:30.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-20810\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2022-09-30T19:15:11.703\",\"lastModified\":\"2023-11-07T03:43:00.920\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el Protocolo simple de administraci\u00f3n de redes (SNMP) del software Cisco IOS XE Wireless Controller para la familia Catalyst 9000 podr\u00eda permitir a un atacante remoto autenticado acceder a informaci\u00f3n confidencial. Esta vulnerabilidad es debido a una insuficiencia de restricciones que permiten divulgar un detalle de configuraci\u00f3n confidencial. Un atacante podr\u00eda explotar esta vulnerabilidad al recuperar datos mediante el acceso a la comunidad de s\u00f3lo lectura de SNMP. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante visualizar las claves precompartidas (PSK) del Identificador de Conjunto de Servicios (SSID) que est\u00e1n configuradas en el dispositivo afectado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-202\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48E6CF0-7A3B-4D11-8D02-0CD38F2420E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B9ED0E5-CB20-4106-9CF2-8EB587B33543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-40_wireless_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E283C34-43AE-49A5-A72B-32DEA185ABD3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B0E620C-8E09-4F7C-A326-26013173B993\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-80_wireless_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB3AF13-5324-42CD-8EDB-6F730BF46214\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF93F1C8-669F-4ECB-8D81-ECDA7B550175\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E0BA345-B7D7-4975-9199-4DC7875BBFD0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA0BC769-C244-41BD-BE80-E67F4E1CDDA4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800_embedded_wireless_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78706517-83F4-4D44-A6EC-B78ADCEABAC0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7D95E8A-8F0B-44E5-B266-09E10BAAEC55\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.