How severe is CVE-2022-20728?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2022-20728?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2022-20728 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.

Related Vulnerabilities

CVE-2015-2687

MEDIUM

CVSS:4.7(Medium)

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

CWE-2842015

CVE-2016-4963

MEDIUM

CVSS:4.7(Medium)

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the ...

CWE-2842016

CVE-2016-6723

MEDIUM

CVSS:4.7(Medium)

A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attac...

CWE-2842016

CVE-2018-0119

MEDIUM

CVSS:4.7(Medium)

A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that...

CWE-2842018

CVE-2020-3231

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before ...

CWE-2842020

CVE-2020-3418

MEDIUM

CVSS:4.7(Medium)

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being p...

CWE-2842020