CVE-2022-47522

Published on: Not Yet Published

Last Modified on: 09/07/2023 06:15:00 AM UTC

CVE-2022-47522

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Ieee 802.11 from Ieee contain the following vulnerability:

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

  • CVE-2022-47522 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
ADJACENT_NETWORK HIGH NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVE References

Description Tags Link
papers.mathyvanhoef.com
application/pdf
 URL Logo MISC papers.mathyvanhoef.com/usenix2023-wifi.pdf
www.freebsd.org
text/plain
 URL Logo MISC www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc
Security Advisory psirt.global.sonicwall.com
text/html
 URL Logo MISC psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006
Passpoint | Wi-Fi Alliance www.wi-fi.org
text/html
 URL Logo MISC www.wi-fi.org/discover-wi-fi/passpoint
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationIeeeIeee 802.11AllAllAllAll
Hardware Device InfoSonicwallSoho 250-AllAllAll
Hardware Device InfoSonicwallSoho 250w-AllAllAll
Operating
System		SonicwallSoho 250w Firmware-AllAllAll
Operating
System		SonicwallSoho 250 Firmware-AllAllAll
Hardware Device InfoSonicwallSonicwave 224w-AllAllAll
Operating
System		SonicwallSonicwave 224w Firmware-AllAllAll
Hardware Device InfoSonicwallSonicwave 231c-AllAllAll
Operating
System		SonicwallSonicwave 231c Firmware-AllAllAll
Hardware Device InfoSonicwallSonicwave 432o-AllAllAll
Operating
System		SonicwallSonicwave 432o Firmware-AllAllAll
Hardware Device InfoSonicwallSonicwave 621-AllAllAll
Operating
System		SonicwallSonicwave 621 Firmware-AllAllAll
Hardware Device InfoSonicwallSonicwave 641-AllAllAll
Operating
System		SonicwallSonicwave 641 Firmware-AllAllAll
Hardware Device InfoSonicwallSonicwave 681-AllAllAll
Operating
System		SonicwallSonicwave 681 Firmware-AllAllAll
Hardware Device InfoSonicwallTz270-AllAllAll
Hardware Device InfoSonicwallTz270w-AllAllAll
Operating
System		SonicwallTz270w Firmware-AllAllAll
Operating
System		SonicwallTz270 Firmware-AllAllAll
Hardware Device InfoSonicwallTz300-AllAllAll
Hardware Device InfoSonicwallTz300p-AllAllAll
Operating
System		SonicwallTz300p Firmware-AllAllAll
Hardware Device InfoSonicwallTz300w-AllAllAll
Operating
System		SonicwallTz300w Firmware-AllAllAll
Operating
System		SonicwallTz300 Firmware-AllAllAll
Hardware Device InfoSonicwallTz350-AllAllAll
Hardware Device InfoSonicwallTz350w-AllAllAll
Operating
System		SonicwallTz350w Firmware-AllAllAll
Operating
System		SonicwallTz350 Firmware-AllAllAll
Hardware Device InfoSonicwallTz370-AllAllAll
Hardware Device InfoSonicwallTz370w-AllAllAll
Operating
System		SonicwallTz370w Firmware-AllAllAll
Operating
System		SonicwallTz370 Firmware-AllAllAll
Hardware Device InfoSonicwallTz400-AllAllAll
Hardware Device InfoSonicwallTz400w-AllAllAll
Operating
System		SonicwallTz400w Firmware-AllAllAll
Operating
System		SonicwallTz400 Firmware-AllAllAll
Hardware Device InfoSonicwallTz470-AllAllAll
Hardware Device InfoSonicwallTz470w-AllAllAll
Operating
System		SonicwallTz470w Firmware-AllAllAll
Operating
System		SonicwallTz470 Firmware-AllAllAll
Hardware Device InfoSonicwallTz500-AllAllAll
Hardware Device InfoSonicwallTz500w-AllAllAll
Operating
System		SonicwallTz500w Firmware-AllAllAll
Operating
System		SonicwallTz500 Firmware-AllAllAll
Hardware Device InfoSonicwallTz570-AllAllAll
Hardware Device InfoSonicwallTz570p-AllAllAll
Operating
System		SonicwallTz570p Firmware-AllAllAll
Hardware Device InfoSonicwallTz570w-AllAllAll
Operating
System		SonicwallTz570w Firmware-AllAllAll
Operating
System		SonicwallTz570 Firmware-AllAllAll
Hardware Device InfoSonicwallTz600-AllAllAll
Hardware Device InfoSonicwallTz600p-AllAllAll
Operating
System		SonicwallTz600p Firmware-AllAllAll
Operating
System		SonicwallTz600 Firmware-AllAllAll
Hardware Device InfoSonicwallTz670-AllAllAll
Operating
System		SonicwallTz670 Firmware-AllAllAll
  • cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:soho_250w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:soho_250_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sonicwave_224w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sonicwave_224w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sonicwave_231c:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sonicwave_231c_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sonicwave_432o:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sonicwave_432o_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sonicwave_621:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sonicwave_621_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sonicwave_641:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sonicwave_641_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sonicwave_681:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sonicwave_681_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz270w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz270_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz300p_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz300w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz300_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz350w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz350_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz370w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz370_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz400w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz400_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz470w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz470_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz500w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz500_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz570p_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz570w_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz570_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz600p_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz600_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:tz670_firmware:-:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @the_yellow_fall CVE-2022-47522: New Security Vulnerability in 802.11 standard securityonline.info/cve-2022-47522… #opensource #infosec #security #pentesting 2023-03-28 09:05:04
Twitter Icon @AcooEdi CVE-2022-47522: New Security Vulnerability in 802.11 Standard dlvr.it/SlbcZS via securityonline https://t.co/MCuxYvUiRk 2023-03-28 09:13:14
Twitter Icon @Komodosec #Vulnerability #CVE202247522 CVE-2022-47522: New Security Vulnerability in 802.11 Standard securityonline.info/cve-2022-47522… 2023-03-28 10:21:02
Twitter Icon @schectman_hell securityonline.info/cve-2022-47522… 被害者の端末を意図的に切断する必要がある( ゚Д゚) 2023-03-28 12:36:25
Twitter Icon @PentestingN CVE-2022-47522: New Security Vulnerability in 802.11 Standard securityonline.info/cve-2022-47522… 2023-03-28 13:10:23
Twitter Icon @Afiffafatima CVE-2022-47522 github.com/vanhoefm/macst… 2023-03-29 19:18:33
Reddit Logo Icon /r/hypeurls MacStealer allows for WiFi client isolation bypasses (CVE-2022-47522) 2023-04-15 19:06:28
Reddit Logo Icon /r/Tonnie_Taller MacStealer allow for WiFi client isolation bypasses (CVE-2022-47522) 2023-04-15 18:05:10
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report