critical
10
CWE
287 303
Advisory Published
Updated

CVE-2022-20695: Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability

First published: Fri Apr 15 2022(Updated: )

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Wireless Lan Controller 8.10.151.0
Cisco Wireless Lan Controller 8.10.162.0
Cisco Virtual Wireless Controller
Cisco 3504 Wireless Controller
Cisco 5520 Wireless Controller
Cisco 8540 Wireless Controller
Cisco Aironet 1540
Cisco Aironet 1542d
Cisco Aironet 1542i
Cisco Aironet 1560
Cisco Aironet 1562d
Cisco Aironet 1562e
Cisco Aironet 1562i
Cisco Aironet 1815
Cisco Aironet 1815i
Cisco Aironet 1815m
Cisco Aironet 1815t
Cisco Aironet 1815w
Cisco Aironet 1830
Cisco Aironet 1830e
Cisco Aironet 1830i
Cisco Aironet 1832
Cisco Aironet 1850
Cisco Aironet 1850e
Cisco Aironet 1850i
Cisco Aironet 1852
Cisco Aironet 2800
Cisco Aironet 2800e
Cisco Aironet 2800i
Cisco Aironet 3800
Cisco Aironet 3800e
Cisco Aironet 3800i
Cisco Aironet 3800p
Cisco Aironet 4800

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-20695?

    CVE-2022-20695 is a vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software.

  • How does CVE-2022-20695 affect Cisco Wireless LAN Controller Software?

    CVE-2022-20695 could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface.

  • What is the severity of CVE-2022-20695?

    CVE-2022-20695 has a severity rating of critical.

  • How can I mitigate CVE-2022-20695?

    To mitigate CVE-2022-20695, update to a fixed software release.

  • Where can I find more information about CVE-2022-20695?

    More information about CVE-2022-20695 can be found on the Cisco Security Advisory page.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203