Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Pierluigi Paganini April 15, 2022

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices.

Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass authentication and log in to the device through the management interface.

The vulnerability resides in the authentication feature of Cisco Wireless LAN Controller (WLC) Software.

“This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator.” reads the advisory published by Cisco. “The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials.”

This vulnerability affects Cisco products running Cisco WLC Software Release 8.10.151.0 or Release 8.10.162.0 and have macfilter radius compatibility configured as Other:

3504 Wireless Controller
5520 Wireless Controller
8540 Wireless Controller
Mobility Express
Virtual Wireless Controller (vWLC)

Users can determine whether the Cisco WLC configuration is vulnerable using the show macfilter summary CLI command.

wlc > show macfilter summary

The CVE-2022-20695 vulnerability does not affect the following products:

Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
Catalyst 9800 Series Wireless Controllers
Catalyst 9800 Wireless Controller for Cloud
Embedded Wireless Controller on Catalyst Access Points
Wireless LAN Controller (WLC) AireOS products not listed in the Vulnerable Products section

Below are the Cisco software releases that address this issue:

Cisco Wireless LAN Controller Release	First Fixed Release
8.9 and earlier	Not vulnerable
8.10.142.0 and earlier	Not vulnerable
8.10.151.0 and later	8.10.171.0

The Cisco PSIRT is not aware of any attack in the wild exploiting this vulnerability

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco Wireless LAN Controller)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini July 23, 2025

Microsoft linked attacks on SharePoint flaws to China-nexus actors

Pierluigi Paganini July 22, 2025