CVE-2022-47522 - Vulnerability Details

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.15949.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:tz670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:tz570_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sonicwall:tz570p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sonicwall:tz570w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:sonicwall:tz470_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:sonicwall:tz470w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:sonicwall:tz370_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:sonicwall:tz370w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:sonicwall:tz270_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:sonicwall:tz270w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:sonicwall:tz600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:sonicwall:tz600p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:sonicwall:tz500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:sonicwall:tz500w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:sonicwall:tz400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:sonicwall:tz400w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:sonicwall:tz350_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:sonicwall:tz350w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:sonicwall:tz300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:sonicwall:tz300p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:sonicwall:tz300w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:sonicwall:soho_250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:sonicwall:soho_250w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:sonicwall:sonicwave_231c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sonicwave_231c:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:sonicwall:sonicwave_224w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sonicwave_224w:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:sonicwall:sonicwave_432o_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sonicwave_432o:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:sonicwall:sonicwave_621_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sonicwave_621:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:sonicwall:sonicwave_641_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sonicwave_641:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:sonicwall:sonicwave_681_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sonicwave_681:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Ieee Subscribe	Ieee 802.11 Subscribe
Sonicwall Subscribe	Soho 250 Subscribe Soho 250 Firmware Subscribe Soho 250w Subscribe Soho 250w Firmware Subscribe Sonicwave 224w Subscribe Sonicwave 224w Firmware Subscribe Sonicwave 231c Subscribe Sonicwave 231c Firmware Subscribe Sonicwave 432o Subscribe Sonicwave 432o Firmware Subscribe Sonicwave 621 Subscribe Sonicwave 621 Firmware Subscribe Sonicwave 641 Subscribe Sonicwave 641 Firmware Subscribe Sonicwave 681 Subscribe Sonicwave 681 Firmware Subscribe Tz270 Subscribe Tz270 Firmware Subscribe Tz270w Subscribe Tz270w Firmware Subscribe Tz300 Subscribe Tz300 Firmware Subscribe Tz300p Subscribe Tz300p Firmware Subscribe Tz300w Subscribe Tz300w Firmware Subscribe Tz350 Subscribe Tz350 Firmware Subscribe Tz350w Subscribe Tz350w Firmware Subscribe Tz370 Subscribe Tz370 Firmware Subscribe Tz370w Subscribe Tz370w Firmware Subscribe Tz400 Subscribe Tz400 Firmware Subscribe Tz400w Subscribe Tz400w Firmware Subscribe Tz470 Subscribe Tz470 Firmware Subscribe Tz470w Subscribe Tz470w Firmware Subscribe Tz500 Subscribe Tz500 Firmware Subscribe Tz500w Subscribe Tz500w Firmware Subscribe Tz570 Subscribe Tz570 Firmware Subscribe Tz570p Subscribe Tz570p Firmware Subscribe Tz570w Subscribe Tz570w Firmware Subscribe Tz600 Subscribe Tz600 Firmware Subscribe Tz600p Subscribe Tz600p Firmware Subscribe Tz670 Subscribe Tz670 Firmware Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc
https://www.wi-fi.org/discover-wi-fi/passpoint

History

Thu, 06 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-15T00:00:00.000Z

Updated: 2025-02-06T15:54:53.804Z

Reserved: 2022-12-18T00:00:00.000Z

Link: CVE-2022-47522

Vulnrichment

Updated: 2024-08-03T14:55:08.299Z

NVD

Status : Modified

Published: 2023-04-15T02:15:07.290

Modified: 2025-02-06T16:15:31.443

Link: CVE-2022-47522

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-290

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object