Get in Touch
Please get in touch using the form below.
Cisco Wireless LAN Controller vulnerability
Overview
A critical vulnerability (CVE-2022-20695), rated 10 on the CVSSv3 score, has been discovered in Cisco Wireless LAN Controller (WLC). The vulnerability could allow a remote attacker to log in to some devices without using a password. The bug depends on a non-default configuration and workarounds are available.
Impact
A remote attacker could bypass authentication controls and log in to the device management interface.
Vulnerability Detection
Cisco advises that users can check their configuration with the show macfilter summary
command. If RADIUS compatibility mode is shown as “Other”, the device is considered vulnerable:
wlc > show macfilter summary
MAC Filter RADIUS Compatibility mode............. Other MAC Filter Delimiter............................. Single-Hyphen MAC Filter Entries............................... 0
Affected Products
The following devices may be vulnerable if they are running Cisco WLC version 8.10.151.0 or 8.10.162.0 and have macfilter radius compatibility mode set to “Other”:
- 3504 Wireless Controller
- 5520 Wireless Controller
- 8540 Wireless Controller
- Mobility Express
- Virtual Wireless Controller (vWLC)
Containment, Mitigations & Remediations
A security update has been released but mitigations are available for where immediate patching is not practical.
Device owners who do not use macfilters can reset the macfilter radius compatibility mode:
wlc > config macfilter radius-compat cisco
Owners who use macfilters and are able to use other compatibility modes can modify the macfilter compatibility to either cisco
or free
:
wlc > config macfilter radius-compat cisco
wlc > config macfilter radius-compat free
Indicators of Compromise
None listed.
Threat Landscape
Cisco PSIRT are not aware of any malicious use of the exploit, however the simplicity of this exploit and the extent to which Cisco is used in enterprise environments means that this vector is likely to become a target by malicious attackers and Red Teams.
Mitre Methodologies
T1190 – Exploit Public-Facing Application
Further Information
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability