Cisco issued a critical software advisory addressing its Wireless LAN Controller about a vulnerability in the software’s authentication code that allows an unauthenticated attacker to log in to its devices via the management interface using specially crafted credentials.
The Wireless LAN Controller (WLC) is used in several Cisco products to manage wireless networks. According to the advisory published Tuesday, the vulnerability stems from the improper implementation of a password validation algorithm. A successful exploit will let an attacker bypass the authentication and log into the device with administrator privileges.
The vulnerability is tracked as CVE-2022-20695, and the bug is addressed as CWE-303. Cisco has labelled the vulnerability as critical, giving it a severity rating of 10, the highest possible on the scale.
The vulnerability impacts the following Cisco products:
- 3504 Wireless Controller
- 5520 Wireless Controller
- 8540 Wireless Controller
- Mobility Express
- Virtual Wireless Controller (vWLC)
In addition to being on the list mentioned above, the product needs to be running Cisco WLC Software Release 18.104.22.168 or Release 22.214.171.124 and have the MAC Filter Radius Compatibility mode set to Other to be exploited.
While the company has released software updates to patch the vulnerability, it has also mentioned workarounds for those unable to patch immediately. It has clearly stated that it isn’t responsible if the mitigations don’t work as expected.
Entering the config macfilter radius-compat cisco command in the WLC prompt CLI will address the issue for people who don’t use MAC filters in their environment. The issue can be mitigated for those who use MAC filters by changing the macfilter compatibility setting to either cisco or free.