Vulnerabilities > CVE-2022-20810 - Unspecified vulnerability in Cisco IOS XE

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

NVD

Published: 2022-09-30

Updated: 2023-11-07

Summary

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XE -	1
Hardware	Cisco Cisco Catalyst 9800 - Cisco Catalyst 9800 40 - Cisco Catalyst 9800 40 Wireless Controller - Cisco Catalyst 9800 80 - Cisco Catalyst 9800 80 Wireless Controller - Cisco Catalyst 9800 CL - Cisco Catalyst 9800 L - Cisco Catalyst 9800 L C - Cisco Catalyst 9800 L F - Cisco Catalyst 9800 Embedded Wireless Controller -	10

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ