Skip to content
Top Technology Site

Top Technology Site

Sensational Top Technology Site

Primary Menu
  • News Technology
  • Computer News
  • Games News
  • Future Technology
  • Best Apps
  • Retro Game
  • About Us
    • Advertise Here
    • Contact Us
    • Privacy Policy
    • Sitemap
  • Home
  • Cisco vulnerability lets hackers craft their own login credentials
Cisco vulnerability lets hackers craft their own login credentials
  • Computer News

Cisco vulnerability lets hackers craft their own login credentials

By Ramon Connor 12 months ago

Cisco has launched a security advisory to alert about a vital vulnerability (CVSS v3 rating: 10.), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) computer software. 

The security flaw enables distant attackers to log in to target units via the administration interface without the need of working with a valid password.

The bug entails the inappropriate implementation of the password validation algorithm, building it feasible to bypass the common authentication treatment on non-default machine configurations.

If this prerequisite is existing, the attacker may well use crafted credentials to get different levels of privilege, probably heading all the way up to an administrative person.

Effects and remediation

According to Cisco’s advisory, the solutions influenced by this flaw are those that run Cisco WLC Application 8.10.151. or Launch 8.10.162. and have “macfilter radius compatibility” configured as “Other.”

The impacted goods are:

  • 3504 Wireless Controller
  • 5520 Wireless Controller
  • 8540 Wireless Controller
  • Mobility Categorical
  • Digital Wireless Controller (vWLC)

In addition to the higher than, some shoppers employing the subsequent builds not available by way of the Software package Centre should also consider them selves susceptible: 8.10.151.4 to 8.10.151.10 and 8.10.162.1 to 8.10.162.14.

Finally, Cisco has verified the pursuing as not vulnerable to CVE-2022-20695:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Sequence Switches
  • Catalyst 9800 Sequence Wireless Controllers
  • Catalyst 9800 Wi-fi Controller for Cloud
  • Embedded Wireless Controller on Catalyst Obtain Details
  • Wireless LAN Controller (WLC) AireOS products and solutions not detailed in the Vulnerable Products and solutions portion

To decide if your configuration is vulnerable, situation the “present macfilter summary” command. If the RADIUS compatibility mode returns “Other,” you’re susceptible to attacks.

Command to determine configuration vulnerability
Command to establish configuration vulnerability
(Cisco)

Applying the most recent accessible security updates (8.10.171. or afterwards) launched by Cisco addresses this vulnerability no make a difference what configuration you might be making use of.

Probable workarounds

Cisco has delivered two doable workarounds for people who cannot update the Wi-fi LAN Controller.

The very first selection is to reset the “macfilter radius compatibility” method to the default worth by issuing the pursuing command: “config macfilter radius-compat cisco”.

The 2nd possibility would be to adjust the configuration to other harmless modes, these kinds of as “cost-free”, using this command: “config macfilter radius-compat no cost”.

At the time of writing this, Cisco is not mindful of the vulnerability currently being under active exploitation, and Bleeping Laptop has noticed no reviews about scanning tries possibly.

Tags: Cisco, craft, credentials, Hackers, lets, login, vulnerability

Continue Reading

Previous Microsoft disrupts Zloader malware in global operation
Next Atlassian finally explains the cause of ongoing cloud outage

Recent Posts

  • Downtown D.C.’s new pro gaming venue
  • ChatGPT, Emerging Technologies And The Future Of HR
  • The 10 Best Healthy Eating Apps
  • Philogen Announces Publication of a New Study in Collaboration with Google focused on Machine Learning models applied to DNA-Encoded Chemical Library Technology
  • Double your storage for free with today’s Samsung Galaxy S23 deal

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022

Categories

  • Android News Today
  • Best Apps
  • Best Software
  • Computer News
  • Computer Recovery
  • Future Technology
  • Games News
  • News Technology
  • Retro Game
  • Top Games

toptechsite.com © All rights reserved. | Magazine 7 by AF themes.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT
Go to mobile version