Cisco has launched patches to consist of a critical security vulnerability influencing the Wi-fi LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to choose control of an afflicted technique.
Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and permits an adversary to bypass authentication controls and log in to the gadget by way of the administration interface of WLC.
“This vulnerability is because of to the incorrect implementation of the password validation algorithm,” the business mentioned in an advisory. “An attacker could exploit this vulnerability by logging in to an afflicted unit with crafted credentials.”
Thriving exploitation of the flaw could permit an attacker to get administrator privileges and carry out malicious actions in a manner that permits a full takeover of the susceptible system.
The organization pressured that the issue only influences the adhering to goods if managing Cisco WLC Computer software Launch 8.10.151. or Launch 8.10.162. and have macfilter radius compatibility configured as Other –
- 3504 Wireless Controller
- 5520 Wi-fi Controller
- 8540 Wireless Controller
- Mobility Express, and
- Virtual Wi-fi Controller (vWLC)
End users are encouraged to update to version 8.10.171. to address the flaw. Cisco Wireless LAN Controller variations 8.9 and previously as perfectly as 8.10.142. and earlier, are not susceptible.
Cisco, crediting an unnamed researcher at Bispok with reporting the weak point, reported there is no evidence that CVE-2022-20695 is remaining actively exploited in the wild.
Also patched by the networking devices important this 7 days are 14 superior severity flaws and nine medium severity issues impacting Cisco IOS XE/XR and SD-WAN vManage software package, and Catalyst Digital Creating Sequence Switches and Catalyst Micro Switches.
Located this write-up exciting? Adhere to THN on Fb, Twitter and LinkedIn to go through far more exclusive information we publish.
Some sections of this posting are sourced from: