Security News > 2022 > April > Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software
Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller that could be abused by an unauthenticated, remote attacker to take control of an affected system.
"An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials."
The company stressed that the issue only affects the following products if running Cisco WLC Software Release 8.10.151.0 or Release 8.10.162.0 and have macfilter radius compatibility configured as Other -.
Cisco Wireless LAN Controller versions 8.9 and earlier as well as 8.10.142.0 and earlier, are not vulnerable.
Cisco, crediting an unnamed researcher at Bispok with reporting the weakness, said there is no evidence that CVE-2022-20695 is being actively exploited in the wild.
Also patched by the networking equipment major this week are 14 high severity flaws and nine medium severity issues impacting Cisco IOS XE/XR and SD-WAN vManage software, and Catalyst Digital Building Series Switches and Catalyst Micro Switches.
News URL
https://thehackernews.com/2022/04/critical-auth-bypass-bug-reported-in.html
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-15 | CVE-2022-20695 | Improper Authentication vulnerability in Cisco products A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. | 10.0 |