Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20810

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.

Published

2022-09-30T19:15:11.703

Last Modified

2024-11-21T06:43:36.007

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-202
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	-	Yes
Hardware	cisco	catalyst_9800	-	No
Hardware	cisco	catalyst_9800-40	-	No
Hardware	cisco	catalyst_9800-40_wireless_controller	-	No
Hardware	cisco	catalyst_9800-80	-	No
Hardware	cisco	catalyst_9800-80_wireless_controller	-	No
Hardware	cisco	catalyst_9800-cl	-	No
Hardware	cisco	catalyst_9800-l	-	No
Hardware	cisco	catalyst_9800-l-c	-	No
Hardware	cisco	catalyst_9800-l-f	-	No
Hardware	cisco	catalyst_9800_embedded_wireless_controller	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)