The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
References
| Link | Resource |
|---|---|
| https://papers.mathyvanhoef.com/usenix2023-wifi.pdf | Exploit Technical Description Third Party Advisory |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006 | Third Party Advisory |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc | |
| https://www.wi-fi.org/discover-wi-fi/passpoint | Not Applicable |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
History
07 Sep 2023, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
28 Apr 2023, 14:27
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CWE | CWE-290 | |
| First Time |
Sonicwall tz470w Firmware
Sonicwall tz350 Firmware Sonicwall tz670 Firmware Sonicwall tz300w Firmware Sonicwall Sonicwall soho 250 Sonicwall tz600p Sonicwall tz570w Sonicwall tz370w Firmware Sonicwall tz500 Firmware Sonicwall tz570p Sonicwall tz470 Sonicwall tz470w Sonicwall tz570 Sonicwall sonicwave 224w Firmware Sonicwall tz670 Sonicwall sonicwave 224w Sonicwall tz500w Sonicwall tz570 Firmware Sonicwall soho 250w Sonicwall tz600 Sonicwall sonicwave 621 Sonicwall tz270w Sonicwall sonicwave 432o Firmware Sonicwall soho 250 Firmware Sonicwall tz350w Ieee Sonicwall tz300 Sonicwall tz300p Firmware Sonicwall tz600 Firmware Sonicwall tz350 Sonicwall sonicwave 641 Firmware Sonicwall tz570w Firmware Sonicwall tz400 Firmware Sonicwall sonicwave 231c Sonicwall tz570p Firmware Sonicwall tz370 Sonicwall tz300 Firmware Sonicwall tz300w Ieee ieee 802.11 Sonicwall sonicwave 681 Sonicwall sonicwave 621 Firmware Sonicwall tz370 Firmware Sonicwall tz270 Sonicwall tz470 Firmware Sonicwall sonicwave 681 Firmware Sonicwall tz370w Sonicwall tz400 Sonicwall sonicwave 641 Sonicwall tz500 Sonicwall tz400w Firmware Sonicwall soho 250w Firmware Sonicwall sonicwave 231c Firmware Sonicwall sonicwave 432o Sonicwall tz400w Sonicwall tz300p Sonicwall tz500w Firmware Sonicwall tz600p Firmware Sonicwall tz270w Firmware Sonicwall tz350w Firmware Sonicwall tz270 Firmware |
|
| References | (MISC) https://papers.mathyvanhoef.com/usenix2023-wifi.pdf - Exploit, Technical Description, Third Party Advisory | |
| References | (MISC) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006 - Third Party Advisory | |
| References | (MISC) https://www.wi-fi.org/discover-wi-fi/passpoint - Not Applicable | |
| CPE | cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz300w_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz500w_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz470w_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz570_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:* cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sonicwave_641_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sonicwave_681_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sonicwave_621:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sonicwave_641:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz270w_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz350_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz350w_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz400_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sonicwave_231c:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sonicwave_432o_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sonicwave_231c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sonicwave_224w_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz570p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz370w_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:soho_250w_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz370_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz400w_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:soho_250_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz300_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sonicwave_681:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz600p_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sonicwave_432o:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz570w_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sonicwave_224w:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sonicwave_621_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz300p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz600_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz470_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz500_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz670_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:tz270_firmware:-:*:*:*:*:*:*:* |
15 Apr 2023, 02:25
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-15 02:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-47522
Mitre link : CVE-2022-47522
CVE.ORG link : CVE-2022-47522
JSON object : View
Products Affected
sonicwall
- sonicwave_432o_firmware
- tz570_firmware
- tz470_firmware
- tz470
- tz500_firmware
- tz300w_firmware
- tz670_firmware
- soho_250w_firmware
- sonicwave_641_firmware
- tz350
- tz670
- tz270w
- tz300p_firmware
- tz300
- tz570p_firmware
- tz600p
- tz500w
- soho_250_firmware
- tz600p_firmware
- sonicwave_681_firmware
- tz600_firmware
- tz400_firmware
- tz400
- sonicwave_641
- sonicwave_224w
- tz270w_firmware
- tz350w_firmware
- tz270
- sonicwave_231c_firmware
- sonicwave_231c
- sonicwave_621_firmware
- tz270_firmware
- tz600
- tz350w
- sonicwave_621
- sonicwave_224w_firmware
- tz570w_firmware
- tz570w
- tz400w
- tz470w
- tz300w
- tz300_firmware
- tz400w_firmware
- tz370_firmware
- tz570p
- tz570
- soho_250
- soho_250w
- sonicwave_432o
- sonicwave_681
- tz370
- tz370w
- tz470w_firmware
- tz500w_firmware
- tz500
- tz300p
- tz350_firmware
- tz370w_firmware
ieee
- ieee_802.11
CWE
CWE-290
Authentication Bypass by Spoofing