802.11 Wi-Fi standard vulnerability

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2024-018 CVE-2022-47522 03/31/2023 medium v4

Vulnerability details

The SNS wifi models (SN160W, SN210W) are affected by a vulnerability located in the 802.11 WI-FI standard.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS wifi models are impacted

Revisions

Version Date Description
v1 05/28/2024 Initial release
v2 07/15/2024 Update and disclosed
v3 07/17/2024 Corrective versions update
v4 07/23/2024 Corrective versions update


Stormshield Network Security

CVSS v3.1 Overall Score: 5.1      

Analysis

Impacted version

Exploitation of vulnerability in 802.11 Wi-FI standard could allow attacker to intercept target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point to remove the target’s original security context.

The SNS wifi models (SN160W, SN210W) in versions :

  • SNS 3.7.0 to 3.7.41
  • SNS 3.10.0 to SNS 3.11.29
  • SNS 4.0 to 4.3.25
  • SNS 4.4.0 to 4.7.5
  • SNS 4.8.0

Workaround solution

Solution

There is no workaround solution.

The following versions fix this vulnerability

  • 3.7.42
  • 3.11.30
  • 4.3.27
  • 4.7.6
  • 4.8.2


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network High Low None Changed High High Low
CVSS Base score: 7.9 CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Proof of concept code Official fix Confirmed
CVSS Temporal score: 7.1 CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:P/RL:O/RC:C)
Confidentiality Requirement (CR) Integrity Requirement (IR) Availability Requirement (AR)
Low Low Low
CVSS Environmental score: 5.1 CVSS Vector: (AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)