Critical Cisco Wireless LAN Controller Software Auth Bypass Bug

Critical Cisco Wireless LAN Controller Software Auth Bypass Bug


In order to address a critical security vulnerability in the Wireless LAN Controller (WLC), Cisco has released patches.


The issue, tracked as CVE-2022-20695, allows an adversary to bypass authentication controls and log in to the device through the WLC management interface.


"The password validation algorithm was improperly implemented," the company said in an advisory. "An attacker could use crafted credentials to log into a vulnerable device."


An attacker could gain administrator privileges and perform malicious actions on the vulnerable system if the flaw is successfully exploited.


The issue only affects products running Cisco WLC Software Release 8.10.151.0 or 8.10.162.0 with macfilter radius compatibility set to Other -


  • 3504 Wireless Controller
  • 5520 Wireless Controller
  • 8540 Wireless Controller
  • Mobility Express, and
  • Virtual Wireless Controller (vWLC)


To fix the flaw, users should update to version 8.10.171.0. Cisco Wireless LAN Controller versions 8.9 and earlier are not vulnerable.


Cisco said there is no evidence that CVE-2022-20695 is being actively exploited in the wild, citing an unnamed Bispok researcher.


This week, Cisco also fixed 14 high-severity flaws and nine medium-severity flaws in IOS XE/XR, SD-WAN vManage, Catalyst Digital Building Series and Catalyst Micro Switches.

0 Comments

Your suggestions and comments are welcome

Post a Comment

Your suggestions and comments are welcome

Post a Comment (0)

Previous Post Next Post