Security News > 2022 > April > Cisco vulnerability lets hackers craft their own login credentials
Cisco has released a security advisory to warn about a critical vulnerability, tracked as CVE-2022-20695, impacting the Wireless LAN Controller software.
According to Cisco's advisory, the products affected by this flaw are those that run Cisco WLC Software 8.10.151.0 or Release 8.10.162.0 and have "Macfilter radius compatibility" configured as "Other."
Applying the latest available security updates released by Cisco addresses this vulnerability no matter what configuration you're using.
Cisco has provided two possible workarounds for those who can't update the Wireless LAN Controller.
The first option is to reset the "Macfilter radius compatibility" mode to the default value by issuing the following command: "Config macfilter radius-compat cisco".
At the time of writing this, Cisco is not aware of the vulnerability being under active exploitation, and Bleeping Computer has seen no reports about scanning attempts either.
News URL
Related news
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-20695 | Improper Authentication vulnerability in Cisco products A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. | 10.0 |