MUST READ

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Pierluigi Paganini April 15, 2022

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices.

Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass authentication and log in to the device through the management interface.

The vulnerability resides in the authentication feature of Cisco Wireless LAN Controller (WLC) Software.

“This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator.” reads the advisory published by Cisco. “The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials.”

This vulnerability affects Cisco products running Cisco WLC Software Release 8.10.151.0 or Release 8.10.162.0 and have macfilter radius compatibility configured as Other:

  • 3504 Wireless Controller
  • 5520 Wireless Controller
  • 8540 Wireless Controller
  • Mobility Express
  • Virtual Wireless Controller (vWLC)

Users can determine whether the Cisco WLC configuration is vulnerable using the show macfilter summary CLI command. 

wlc > show macfilter summary

The CVE-2022-20695 vulnerability does not affect the following products:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Catalyst 9800 Wireless Controller for Cloud
  • Embedded Wireless Controller on Catalyst Access Points
  • Wireless LAN Controller (WLC) AireOS products not listed in the Vulnerable Products section

Below are the Cisco software releases that address this issue:

Cisco Wireless LAN Controller ReleaseFirst Fixed Release
8.9 and earlierNot vulnerable
8.10.142.0 and earlierNot vulnerable
8.10.151.0 and later8.10.171.0

The Cisco PSIRT is not aware of any attack in the wild exploiting this vulnerability

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco Wireless LAN Controller)

[adrotate banner=”5″]

[adrotate banner=”13″]

authentication bypass CISCO Cisco Wireless LAN Controller Hacking hacking news information security news IT Information Security Pierluigi Paganini Security News

you might also like

Pierluigi Paganini July 12, 2025
McDonald’s job app exposes data of 64 Million applicants
Read more
Pierluigi Paganini July 11, 2025
U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

McDonald’s job app exposes data of 64 Million applicants

Hacking / July 12, 2025

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

Uncategorized / July 11, 2025

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

Hacking / July 11, 2025

UK NCA arrested four people over M&S, Co-op cyberattacks

Cyber Crime / July 10, 2025

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Hacking / July 10, 2025