Cisco on Tuesday issued a critical security advisory for its Wireless LAN Controller (WLC), used in various Cisco products to manage wireless networks.
A vulnerability in the software’s authentication code (bug type CWE-303) could allow an unauthenticated remote attacker to bypass authentication controls and log in to the device through its management interface.
“This vulnerability is due to the inappropriate execution of the password recognition algorithm,” Cisco’s advisory states. “An enemy might make use of this vulnerability by logging in to an impacted gadget with crafted qualifications.
“An effective exploit might permit the opponent to bypass authentication and log in to the gadget as an administrator.”
The advisory refers to the vulnerability as CVE-2022-20695 and notes that if the flaw is successfully exploited, the attacker can gain administrator privileges. Cisco has assigned the vulnerability a severity score of 10.0 out of 10.0. That’s as bad as it gets for those whose score scale does not go to 11.0, otherwise known as “the call is coming from inside the house!”
The following Cisco products are affected if they’re running Cisco WLC Software Release 8.10.151.0 or Release 8.10.162.0 and have MAC Filter RADIUS Compatibility mode set to Other:
- 3504 Wireless Controller
- 5520 Wireless Controller
- 8540 Wireless Controller
- Mobility Express
- Virtual Wireless Controller (vWLC)
That setting, if not top of mind, can be determined by entering the show macfilter summary command in the wlc command line interface for the device.
Creating a MAC address filter on a WLC gives admins a way to grant or deny access to the WLAN network based on the client MAC address. Cisco WLCs support either local MAC authentication or MAC authentication using a RADIUS server.
The advisory, though alarming, does describe possible workarounds for those who don’t use MAC filters in their environment. If that’s the case, simply fire up the CLI and enter config macfilter radius-compat cisco at the wlc prompt.
Even for those who do use macfilters with their Cisco equipment, the CLI provides a way out by allowing adjustment of the macfilter compatibility setting to either cisco or free.
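
For admins with more than one controller to check, here is an added example (not from Cisco's advisory or the original article) that reads saved CLI output and applies the two conditions above: an affected release plus compatibility mode Other. The sample output is constructed, and the field labels, dot padding and the "Product Version" line from show sysinfo are assumptions about the output layout.

```python
import re

# From the article: the two affected releases and the vulnerable mode value.
AFFECTED_RELEASES = {"8.10.151.0", "8.10.162.0"}
VULNERABLE_MODE = "other"

# Constructed sample output (labels and dot padding are assumed, not captured).
SAMPLE_SYSINFO = """\
Product Name..................................... Cisco Controller
Product Version.................................. 8.10.151.0
"""
SAMPLE_MACFILTER = """\
MAC Filter RADIUS Compatibility mode............. Other
MAC Filter Delimiter............................. Single-Hyphen
MAC Filter Entries............................... 0
"""


def parse_fields(cli_text):
    """Map each 'Label.... value' line to {lowercased label: value}."""
    fields = {}
    for line in cli_text.splitlines():
        m = re.match(r"\s*([^.]+?)\s*\.{2,}\s*(\S.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields


def assess(sysinfo_text, macfilter_text):
    """Return (status, advice) for one controller's saved CLI output."""
    version = parse_fields(sysinfo_text).get("product version")
    mode = parse_fields(macfilter_text).get("mac filter radius compatibility mode")
    if version is None or mode is None:
        # Never report "safe" when a field could not be read.
        return "unknown", "version or compatibility mode not found; check by hand"
    if version not in AFFECTED_RELEASES:
        return "not-affected", f"release {version} is not one of the two listed"
    if mode.lower() != VULNERABLE_MODE:
        return "affected-release", f"mode is {mode}; keep it off Other until patched"
    return "exposed", "patch, or run: config macfilter radius-compat cisco"


if __name__ == "__main__":
    print(assess(SAMPLE_SYSINFO, SAMPLE_MACFILTER))
```
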
Keep in mind that Cisco is only offering these workarounds for those unable to patch right away. The network equipment biz wants customers to understand that it isn’t responsible if mitigation efforts go awry.
“While these workarounds have actually been released and were tested effective in a test environment, clients must identify the applicability and efficiency in their own environment and under their own usage conditions,” the advisory warns.
Caveat machinator. ®
Speaking of severe bugs, HP this month updated its Teradici PCoIP client to close off a bunch of libexpat security flaws as well as the OpenSSL DoS hole that we covered earlier.