Security News > 2022 > April > Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software
2022-04-17 20:04

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller that could be abused by an unauthenticated, remote attacker to take control of an affected system.

"An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials."

The company stressed that the issue only affects the following products if running Cisco WLC Software Release 8.10.151.0 or Release 8.10.162.0 and have macfilter radius compatibility configured as Other -.

Cisco Wireless LAN Controller versions 8.9 and earlier as well as 8.10.142.0 and earlier, are not vulnerable.

Cisco, crediting an unnamed researcher at Bispok with reporting the weakness, said there is no evidence that CVE-2022-20695 is being actively exploited in the wild.

Also patched by the networking equipment major this week are 14 high severity flaws and nine medium severity issues impacting Cisco IOS XE/XR and SD-WAN vManage software, and Catalyst Digital Building Series Switches and Catalyst Micro Switches.


News URL

https://thehackernews.com/2022/04/critical-auth-bypass-bug-reported-in.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-20695 Improper Authentication vulnerability in Cisco products
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm.
network
low complexity
cisco CWE-287
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749