Cisco Wireless LAN Controller security bypass | CVE-2022-20695
NAME
Cisco Wireless LAN Controller security bypass
- Platforms Affected:
Cisco Wireless Lan Controller - Risk Level:
10 - Exploitability:
Unproven - Consequences:
Bypass Security
DESCRIPTION
Cisco Wireless LAN Controller (WLC) could allow a remote attacker to bypass security restrictions, caused by improper implementation of the password validation algorithm. By logging in to an affected device with specially crafted credentials, an attacker could exploit this vulnerability to bypass authentication controls and log in to the device through the management interface.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Cisco Security Advisory cisco-sa-wlc-auth-bypass-JRNhV4fF for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF - Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20695
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
