SECURITY ALERTS

A Vulnerability (CVE-2022-20695) in Cisco Wireless LAN Controller Software Allows an Attacker to Bypass Authentication Controls and Log In to the Device Through the Management Interface

DESCRIPTION:
A vulnerability (CVE-2022-20695) exists in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software. Due to the improper implementation of the password validation algorithm, an attacker could exploit this vulnerability by logging in to an affected device with crafted credentials.

 

AFFECTED RELEASES:
The following products are affected if they run Cisco WLC Software Release 8.10.151.0 or Release 8.10.162.0 and have macfilter radius compatibility configured as Other:
1. 3504 Wireless Controller
2. 5520 Wireless Controller
3. 8540 Wireless Controller
4. Mobility Express
5. Virtual Wireless Controller (vWLC)

 

SOLUTION:
1. Users and system administrators of affected products are advised to apply the security updates by the following steps:
(1) Go to https://software.cisco.com/download/home and click Browse all.
(2) Choose Wireless > Wireless LAN Controller > Standalone Controllers.
(3) Choose a specific product from the right pane of the product selector.
(4) Choose a hardware platform from the left pane of the software page.
2. If you cannot update to the latest version, refer to the “Workarounds” section of the official Cisco advisory (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF).
(1) Customers who do not use macfilters can reset the macfilter radius compatibility mode to the default value using the following CLI command:
wlc > config macfilter radius-compat cisco
(2) Customers who need to use macfilters can reset the macfilter radius compatibility mode to the cisco or free value using one of the following CLI commands:
wlc > config macfilter radius-compat cisco
wlc > config macfilter radius-compat free
3. Users and system administrators can check whether a device is affected using the following steps:
(1) Run the following CLI command: show macfilter summary
(2) If the output shows that RADIUS Compatibility mode is “Other”, the device is affected by this vulnerability.
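
The check in step 3, combined with the release condition under AFFECTED RELEASES, can be run over CLI output saved from many controllers. The Python below is an added example, not part of the original alert or Cisco tooling; it assumes the usual dot-leader "Label....... value" layout of WLC output and that the release is read from the "Product Version" line of `show sysinfo`. The sample output is constructed.

```python
import re

# Releases and setting this alert names as the vulnerable combination.
AFFECTED_RELEASES = {"8.10.151.0", "8.10.162.0"}
AFFECTED_MODE = "other"

# Assumed layout of WLC CLI output lines: "Label.......... value".
FIELD = re.compile(
    r"^[ \t]*(?P<label>[^.\n]+?)[ \t]*\.{2,}[ \t]*(?P<value>\S.*?)[ \t]*$", re.M)

def parse_fields(text):
    """Return {lower-cased label: value} for every dot-leader line."""
    return {m["label"].lower(): m["value"] for m in FIELD.finditer(text)}

def assess(sysinfo_text, macfilter_text):
    """Classify one controller from its saved CLI output."""
    version = parse_fields(sysinfo_text).get("product version")
    mode = next((v for k, v in parse_fields(macfilter_text).items()
                 if "radius compatibility mode" in k), None)
    if version is None or mode is None:
        return "unknown"  # output missing or unparsed: check by hand
    if version in AFFECTED_RELEASES and mode.lower() == AFFECTED_MODE:
        return "affected"
    return "not affected"

# Constructed sample output (not captured from a real device).
SAMPLE_SYSINFO = """\
Product Name..................................... Cisco Controller
Product Version.................................. 8.10.151.0
"""
SAMPLE_MACFILTER = """\
MAC Filter RADIUS Compatibility mode............. Other
MAC Filter Delimiter............................. Single-Hyphen
MAC Filter Entries............................... 0
"""

if __name__ == "__main__":
    print(assess(SAMPLE_SYSINFO, SAMPLE_MACFILTER))
```

A result of "unknown" means a field could not be read from the saved output, so that controller should be checked manually rather than treated as safe.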

 

REFERENCE:
1. https://www.ithome.com.tw/news/150464
2. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF
3. https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html
 
