Vulnerability Details CVE-2022-47522
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.143
EPSS Ranking 94.0%
CVSS Severity
CVSS v3 Score 7.5
References
- https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006
- https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc
- https://www.wi-fi.org/discover-wi-fi/passpoint
- https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006
- https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc
- https://www.wi-fi.org/discover-wi-fi/passpoint
Products affected by CVE-2022-47522
-
cpe:2.3:a:ieee:ieee_802.11:-
-
cpe:2.3:h:sonicwall:soho_250:-
-
cpe:2.3:h:sonicwall:soho_250w:-
-
cpe:2.3:h:sonicwall:sonicwave_224w:-
-
cpe:2.3:h:sonicwall:sonicwave_231c:-
-
cpe:2.3:h:sonicwall:sonicwave_432o:-
-
cpe:2.3:h:sonicwall:sonicwave_621:-
-
cpe:2.3:h:sonicwall:sonicwave_641:-
-
cpe:2.3:h:sonicwall:sonicwave_681:-
-
cpe:2.3:h:sonicwall:tz270:-
-
cpe:2.3:h:sonicwall:tz270w:-
-
cpe:2.3:h:sonicwall:tz300:-
-
cpe:2.3:h:sonicwall:tz300p:-
-
cpe:2.3:h:sonicwall:tz300w:-
-
cpe:2.3:h:sonicwall:tz350:-
-
cpe:2.3:h:sonicwall:tz350w:-
-
cpe:2.3:h:sonicwall:tz370:-
-
cpe:2.3:h:sonicwall:tz370w:-
-
cpe:2.3:h:sonicwall:tz400:-
-
cpe:2.3:h:sonicwall:tz400w:-
-
cpe:2.3:h:sonicwall:tz470:-
-
cpe:2.3:h:sonicwall:tz470w:-
-
cpe:2.3:h:sonicwall:tz500:-
-
cpe:2.3:h:sonicwall:tz500w:-
-
cpe:2.3:h:sonicwall:tz570:-
-
cpe:2.3:h:sonicwall:tz570p:-
-
cpe:2.3:h:sonicwall:tz570w:-
-
cpe:2.3:h:sonicwall:tz600:-
-
cpe:2.3:h:sonicwall:tz600p:-
-
cpe:2.3:h:sonicwall:tz670:-
-
cpe:2.3:o:sonicwall:soho_250_firmware:-
-
cpe:2.3:o:sonicwall:soho_250w_firmware:-
-
cpe:2.3:o:sonicwall:sonicwave_224w_firmware:-
-
cpe:2.3:o:sonicwall:sonicwave_231c_firmware:-
-
cpe:2.3:o:sonicwall:sonicwave_432o_firmware:-
-
cpe:2.3:o:sonicwall:sonicwave_621_firmware:-
-
cpe:2.3:o:sonicwall:sonicwave_641_firmware:-
-
cpe:2.3:o:sonicwall:sonicwave_681_firmware:-
-
cpe:2.3:o:sonicwall:tz270_firmware:-
-
cpe:2.3:o:sonicwall:tz270w_firmware:-
-
cpe:2.3:o:sonicwall:tz300_firmware:-
-
cpe:2.3:o:sonicwall:tz300p_firmware:-
-
cpe:2.3:o:sonicwall:tz300w_firmware:-
-
cpe:2.3:o:sonicwall:tz350_firmware:-
-
cpe:2.3:o:sonicwall:tz350w_firmware:-
-
cpe:2.3:o:sonicwall:tz370_firmware:-
-
cpe:2.3:o:sonicwall:tz370w_firmware:-
-
cpe:2.3:o:sonicwall:tz400_firmware:-
-
cpe:2.3:o:sonicwall:tz400w_firmware:-
-
cpe:2.3:o:sonicwall:tz470_firmware:-
-
cpe:2.3:o:sonicwall:tz470w_firmware:-
-
cpe:2.3:o:sonicwall:tz500_firmware:-
-
cpe:2.3:o:sonicwall:tz500w_firmware:-
-
cpe:2.3:o:sonicwall:tz570_firmware:-
-
cpe:2.3:o:sonicwall:tz570p_firmware:-
-
cpe:2.3:o:sonicwall:tz570w_firmware:-
-
cpe:2.3:o:sonicwall:tz600_firmware:-
-
cpe:2.3:o:sonicwall:tz600p_firmware:-
-
cpe:2.3:o:sonicwall:tz670_firmware:-