Vulnerability Description
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ieee | Ieee 802.11 | All versions |
| Sonicwall | Tz670 Firmware | - |
| Sonicwall | Tz670 | - |
| Sonicwall | Tz570 Firmware | - |
| Sonicwall | Tz570 | - |
| Sonicwall | Tz570P Firmware | - |
| Sonicwall | Tz570P | - |
| Sonicwall | Tz570W Firmware | - |
| Sonicwall | Tz570W | - |
| Sonicwall | Tz470 Firmware | - |
| Sonicwall | Tz470 | - |
| Sonicwall | Tz470W Firmware | - |
| Sonicwall | Tz470W | - |
| Sonicwall | Tz370 Firmware | - |
| Sonicwall | Tz370 | - |
| Sonicwall | Tz370W Firmware | - |
| Sonicwall | Tz370W | - |
| Sonicwall | Tz270 Firmware | - |
| Sonicwall | Tz270 | - |
| Sonicwall | Tz270W Firmware | - |
Related Weaknesses (CWE)
References
- https://papers.mathyvanhoef.com/usenix2023-wifi.pdfExploitTechnical DescriptionThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006Third Party Advisory
- https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc
- https://www.wi-fi.org/discover-wi-fi/passpointNot Applicable
- https://papers.mathyvanhoef.com/usenix2023-wifi.pdfExploitTechnical DescriptionThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006Third Party Advisory
- https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc
- https://www.wi-fi.org/discover-wi-fi/passpointNot Applicable
FAQ
What is CVE-2022-47522?
CVE-2022-47522 is a vulnerability with a CVSS score of 7.5 (HIGH). The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save fra...
How severe is CVE-2022-47522?
CVE-2022-47522 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-47522?
Check the references section above for vendor advisories and patch information. Affected products include: Ieee Ieee 802.11, Sonicwall Tz670 Firmware, Sonicwall Tz670, Sonicwall Tz570 Firmware, Sonicwall Tz570.