Cisco vulnerability lets hackers craft their own login credentials
Cisco has launched a security advisory to alert about a vital vulnerability (CVSS v3 rating: 10.), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) computer software.
The security flaw enables distant attackers to log in to target units via the administration interface without the need of working with a valid password.
The bug entails the inappropriate implementation of the password validation algorithm, building it feasible to bypass the common authentication treatment on non-default machine configurations.
If this prerequisite is existing, the attacker may well use crafted credentials to get different levels of privilege, probably heading all the way up to an administrative person.
Effects and remediation
According to Cisco’s advisory, the solutions influenced by this flaw are those that run Cisco WLC Application 8.10.151. or Launch 8.10.162. and have “macfilter radius compatibility” configured as “Other.”
The impacted goods are:
- 3504 Wireless Controller
- 5520 Wireless Controller
- 8540 Wireless Controller
- Mobility Categorical
- Digital Wireless Controller (vWLC)
In addition to the higher than, some shoppers employing the subsequent builds not available by way of the Software package Centre should also consider them selves susceptible: 8.10.151.4 to 8.10.151.10 and 8.10.162.1 to 8.10.162.14.
Finally, Cisco has verified the pursuing as not vulnerable to CVE-2022-20695:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Sequence Switches
- Catalyst 9800 Sequence Wireless Controllers
- Catalyst 9800 Wi-fi Controller for Cloud
- Embedded Wireless Controller on Catalyst Obtain Details
- Wireless LAN Controller (WLC) AireOS products and solutions not detailed in the Vulnerable Products and solutions portion
To decide if your configuration is vulnerable, situation the “present macfilter summary” command. If the RADIUS compatibility mode returns “Other,” you’re susceptible to attacks.
(Cisco)
Applying the most recent accessible security updates (8.10.171. or afterwards) launched by Cisco addresses this vulnerability no make a difference what configuration you might be making use of.
Probable workarounds
Cisco has delivered two doable workarounds for people who cannot update the Wi-fi LAN Controller.
The very first selection is to reset the “macfilter radius compatibility” method to the default worth by issuing the pursuing command: “config macfilter radius-compat cisco”.
The 2nd possibility would be to adjust the configuration to other harmless modes, these kinds of as “cost-free”, using this command: “config macfilter radius-compat no cost”.
At the time of writing this, Cisco is not mindful of the vulnerability currently being under active exploitation, and Bleeping Laptop has noticed no reviews about scanning tries possibly.