Unknown
CVE-2022-47522
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)CVE-2022-47522
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target’s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client’s pairwise encryption key.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Products
- ieee 802.11,
- soho 250 firmware -,
- soho 250w firmware -,
- sonicwave 224w firmware -,
- sonicwave 231c firmware -,
- sonicwave 432o firmware -,
- sonicwave 621 firmware -,
- sonicwave 641 firmware -,
- sonicwave 681 firmware -,
- tz270 firmware -,
- tz270w firmware -,
- tz300 firmware -,
- tz300p firmware -,
- tz300w firmware -,
- tz350 firmware -,
- tz350w firmware -,
- tz370 firmware -,
- tz370w firmware -,
- tz400 firmware -,
- tz400w firmware -,
- tz470 firmware -,
- tz470w firmware -,
- tz500 firmware -,
- tz500w firmware -,
- tz570 firmware -,
- tz570p firmware -,
- tz570w firmware -,
- tz600 firmware -,
- tz600p firmware -,
- tz670 firmware -
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
