Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

by chebbi abir

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices.

Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass authentication and log in to the device through the management interface.


The vulnerability resides in the authentication feature of Cisco Wireless LAN Controller (WLC) Software.

“This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator.” reads the advisory published by Cisco. “The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials.”

This vulnerability affects Cisco products running Cisco WLC Software Release or Release and have macfilter radius compatibility configured as Other:

  • 3504 Wireless Controller
  • 5520 Wireless Controller
  • 8540 Wireless Controller
  • Mobility Express
  • Virtual Wireless Controller (vWLC)

Users can determine whether the Cisco WLC configuration is vulnerable using the show macfilter summary CLI command.

wlc > show macfilter summary 

The CVE-2022-20695 vulnerability does not affect the following products:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Catalyst 9800 Wireless Controller for Cloud
  • Embedded Wireless Controller on Catalyst Access Points
  • Wireless LAN Controller (WLC) AireOS products not listed in the Vulnerable Products section

Below are the Cisco software releases that address this issue:

8.9 and earlier Not vulnerable and earlier Not vulnerable and later

The Cisco PSIRT is not aware of any attack in the wild exploiting this vulnerability.

To read the original article:


Interdit de copier  ce contenu