Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control of affected devices.

Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass authentication and log in to the device through the management interface.

The vulnerability resides in the authentication feature of Cisco Wireless LAN Controller (WLC) Software.

“This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator.” reads the advisory published by Cisco. “The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials.”

This vulnerability affects the following Cisco products if they run Cisco WLC Software Release 8.10.151.0 or Release 8.10.162.0 and have macfilter radius compatibility configured as Other:

- 3504 Wireless Controller
- 5520 Wireless Controller
- 8540 Wireless Controller
- Mobility Express
- Virtual Wireless Controller (vWLC)

Users can determine whether the Cisco WLC configuration is vulnerable using the show macfilter summary CLI command.

wlc > show macfilter summary
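
A triage sketch for the check described above, added here as an example and not taken from the Cisco advisory or the original article: it parses saved CLI output and flags a controller only when both conditions the article lists hold. The `Product Version` and `MAC Filter RADIUS Compatibility mode` field labels, the dotted-leader layout and the sample output are assumptions constructed for illustration.

```python
import re

# Affected releases and the vulnerable setting, as stated in the article.
AFFECTED_RELEASES = {"8.10.151.0", "8.10.162.0"}
VULNERABLE_MODE = "other"

# Assumption: AireOS prints settings as "Label......... value", and the two
# labels looked up in assess() match `show sysinfo` / `show macfilter summary`.
FIELD_RE = re.compile(
    r"^[ \t]*(?P<label>[^.\n]+?)[ \t]*\.{2,}[ \t]*(?P<value>.*?)[ \t]*$", re.M
)

# Constructed sample of saved CLI output (not captured from a real device).
SAMPLE = """\
(Cisco Controller) >show sysinfo
Product Name..................................... Cisco Controller
Product Version.................................. 8.10.151.0

(Cisco Controller) >show macfilter summary
MAC Filter RADIUS Compatibility mode............. Other
MAC Filter Delimiter............................. Single-Hyphen
"""


def parse_fields(cli_text):
    """Return {lowercased label: value} for every dotted-leader line."""
    return {m["label"].lower(): m["value"].strip()
            for m in FIELD_RE.finditer(cli_text)}


def assess(cli_text):
    """Classify one controller as 'vulnerable', 'not vulnerable' or 'unknown'."""
    fields = parse_fields(cli_text)
    version = fields.get("product version")
    mode = fields.get("mac filter radius compatibility mode")
    if version is None or mode is None:
        return "unknown"  # incomplete capture: do not report it as safe
    if version in AFFECTED_RELEASES and mode.lower() == VULNERABLE_MODE:
        return "vulnerable"
    return "not vulnerable"


if __name__ == "__main__":
    print(assess(SAMPLE))
```

A result of `unknown` means one of the two fields was missing from the capture, so the device still needs a manual check.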

The CVE-2022-20695 vulnerability does not affect the following products:

- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Catalyst 9800 Wireless Controller for Cloud
- Embedded Wireless Controller on Catalyst Access Points
- Wireless LAN Controller (WLC) AireOS products not listed in the Vulnerable Products section

Below are the Cisco software releases that address this issue:

| Cisco Wireless LAN Controller Release | First Fixed Release |
|---|---|
| 8.9 and earlier | Not vulnerable |
| 8.10.142.0 and earlier | Not vulnerable |
| 8.10.151.0 and later | 8.10.171.0 |

The Cisco PSIRT is not aware of any attack in the wild exploiting this vulnerability.

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco Wireless LAN Controller)

The post Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover appeared first on Security Affairs.