CVE-2022-20682

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family (affected versions not specified) Cisco Catalyst 9800 and 9800-CL for Cloud (affected versions not specified)

Description The issue is related to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attacker could exploit this by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller, potentially causing the affected device to crash and reload.

Recommendations For Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family, update to a version that includes the fix for this issue. For Cisco Catalyst 9800 and 9800-CL for Cloud, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CAPWAP protocol to minimize the risk of exploitation. Avoid using the mDNS query in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.