Skip to content
Top Technology Site

Top Technology Site

Sensational Top Technology Site

Primary Menu
  • News Technology
  • Computer News
  • Games News
  • Future Technology
  • Best Apps
  • Retro Game
  • About Us
    • Advertise Here
    • Contact Us
    • Privacy Policy
    • Sitemap
  • Home
  • Cisco vulnerability lets hackers craft their own login credentials
Cisco vulnerability lets hackers craft their own login credentials
  • Computer News

Cisco vulnerability lets hackers craft their own login credentials

By Ramon Connor 3 years ago

cisco

Cisco has launched a security advisory to alert about a vital vulnerability (CVSS v3 rating: 10.), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) computer software. 

The security flaw enables distant attackers to log in to target units via the administration interface without the need of working with a valid password.

The bug entails the inappropriate implementation of the password validation algorithm, building it feasible to bypass the common authentication treatment on non-default machine configurations.

If this prerequisite is existing, the attacker may well use crafted credentials to get different levels of privilege, probably heading all the way up to an administrative person.

Effects and remediation

According to Cisco’s advisory, the solutions influenced by this flaw are those that run Cisco WLC Application 8.10.151. or Launch 8.10.162. and have “macfilter radius compatibility” configured as “Other.”

The impacted goods are:

  • 3504 Wireless Controller
  • 5520 Wireless Controller
  • 8540 Wireless Controller
  • Mobility Categorical
  • Digital Wireless Controller (vWLC)

In addition to the higher than, some shoppers employing the subsequent builds not available by way of the Software package Centre should also consider them selves susceptible: 8.10.151.4 to 8.10.151.10 and 8.10.162.1 to 8.10.162.14.

Finally, Cisco has verified the pursuing as not vulnerable to CVE-2022-20695:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Sequence Switches
  • Catalyst 9800 Sequence Wireless Controllers
  • Catalyst 9800 Wi-fi Controller for Cloud
  • Embedded Wireless Controller on Catalyst Obtain Details
  • Wireless LAN Controller (WLC) AireOS products and solutions not detailed in the Vulnerable Products and solutions portion

To decide if your configuration is vulnerable, situation the “present macfilter summary” command. If the RADIUS compatibility mode returns “Other,” you’re susceptible to attacks.

Command to determine configuration vulnerability
Command to establish configuration vulnerability
(Cisco)

Applying the most recent accessible security updates (8.10.171. or afterwards) launched by Cisco addresses this vulnerability no make a difference what configuration you might be making use of.

Probable workarounds

Cisco has delivered two doable workarounds for people who cannot update the Wi-fi LAN Controller.

The very first selection is to reset the “macfilter radius compatibility” method to the default worth by issuing the pursuing command: “config macfilter radius-compat cisco”.

The 2nd possibility would be to adjust the configuration to other harmless modes, these kinds of as “cost-free”, using this command: “config macfilter radius-compat no cost”.

At the time of writing this, Cisco is not mindful of the vulnerability currently being under active exploitation, and Bleeping Laptop has noticed no reviews about scanning tries possibly.

Tags: Cisco, craft, credentials, Hackers, lets, login, vulnerability

Continue Reading

Previous ‘Game Changers’ Reflects on Evolution of Arcade & Home Entertainment
Next The best remote desktop software (2022): Top 5 apps

Recent Posts

  • The Importance of High-Quality Web Hosting for Brands
  • Tips To Improve Your cPanel Security
  • Merchant Account Credit Card Processing: A Necessity for Online Businesses
  • Couponing for Tech: Top Tips for Saving on Mobile Devices and Accessories
  • Unveiling the Charm of Vintage Video Games

Archives

  • December 2024
  • June 2024
  • May 2024
  • April 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022

Categories

  • Android News Today
  • Best Apps
  • Best Software
  • Computer News
  • Computer Recovery
  • Future Technology
  • Games News
  • News Technology
  • Retro Game
  • Top Games

toptechsite.com © All rights reserved. | Magazine 7 by AF themes.
Go to mobile version