CVE-2022-20728

Name of the Vulnerable Software and Affected Versions Cisco Aironet Access Points (affected versions not specified) Cisco Wireless LAN Controller (WLC) (affected versions not specified)

Description The issue is related to insufficient access control in the software of Cisco Aironet Access Points and Cisco Wireless LAN Controller (WLC). It allows a remote attacker to bypass security restrictions. The vulnerability in the client forwarding code of Cisco Access Points could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs. This is due to a logic error that forwards packets received on the native VLAN to wireless clients. An attacker could exploit this by accessing the native VLAN and directing traffic to the client using their MAC/IP combination, potentially bypassing VLAN separation and Layer 3 protection mechanisms.

Recommendations For Cisco Aironet Access Points, consider restricting access to the native VLAN to minimize the risk of exploitation. For Cisco Wireless LAN Controller (WLC), restrict access to the vulnerable client forwarding code until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.