Home / About / Threat Intelligence / Cisco Wireless LAN Controller vulnerability

Overview

A critical vulnerability (CVE-2022-20695), rated 10 on the CVSSv3 score, has been discovered in Cisco Wireless LAN Controller (WLC). The vulnerability could allow a remote attacker to log in to some devices without using a password. The bug depends on a non-default configuration and workarounds are available.

Impact

A remote attacker could bypass authentication controls and log in to the device management interface.

Vulnerability Detection

Cisco advises that users can check their configuration with the show macfilter summary command. If RADIUS compatibility mode is shown as “Other”, the device is considered vulnerable:

wlc > show macfilter summary  
MAC Filter RADIUS Compatibility mode............. Other
MAC Filter Delimiter............................. Single-Hyphen
MAC Filter Entries............................... 0

Affected Products

The following devices may be vulnerable if they are running Cisco WLC version 8.10.151.0 or 8.10.162.0 and have macfilter radius compatibility mode set to “Other”:

  • 3504 Wireless Controller
  • 5520 Wireless Controller
  • 8540 Wireless Controller
  • Mobility Express
  • Virtual Wireless Controller (vWLC)

Containment, Mitigations & Remediations

A security update has been released but mitigations are available for where immediate patching is not practical.

Device owners who do not use macfilters can reset the macfilter radius compatibility mode:

wlc > config macfilter radius-compat cisco

Owners who use macfilters and are able to use other compatibility modes can modify the macfilter compatibility to either cisco or free:

wlc > config macfilter radius-compat cisco
wlc > config macfilter radius-compat free

Indicators of Compromise

None listed.

Threat Landscape

Cisco PSIRT are not aware of any malicious use of the exploit, however the simplicity of this exploit and the extent to which Cisco is used in enterprise environments means that this vector is likely to become a target by malicious attackers and Red Teams.

Mitre Methodologies

T1190 – Exploit Public-Facing Application

Further Information

Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability