Cisco on Tuesday issued an important security advisory for its Wireless LAN Controllers (WLCs), which are used in various Cisco products for managing wireless networks.
A vulnerability in the software’s authentication code (bug type CWE-303) could allow an unauthorized remote attacker to bypass authentication controls and log in to the device through its management interface.
“This vulnerability is due to improper implementation of the password verification algorithm,” Cisco’s advisory says. “An attacker can exploit this vulnerability by logging into the affected device with generated credentials.
“A successful exploit could allow an attacker to bypass authentication and log into the device as an administrator.”
The advisory refers to the vulnerability as CVE-2022-20695 and notes that if the flaw is successfully exploited, the attacker can gain administrator privileges. Cisco has given the vulnerability a severity rating of 10.0 out of 10.0. That is as bad as it gets for people whose rating scale doesn’t go up to 11.0, otherwise referred to as “the calls are coming from inside the house!”
The following Cisco products are affected if they are running Cisco WLC software release 126.96.36.199 or release 188.8.131.52 and have MAC Filter RADIUS compatibility mode set.
- 3504 Wireless Controller
- 5520 Wireless Controller
- 8540 Wireless Controller
- Mobility Express
- Virtual Wireless Controller (vWLC)
That setting, if not top of mind, can be checked by entering the show macfilter summary command in the device's wlc command line interface.
Creating MAC address filters on WLC provides a way for administrators to grant or deny access to a WLAN network based on client MAC addresses. Cisco WLCs support either local MAC authentication or MAC authentication using RADIUS servers.
The advisory, although dire, describes possible workarounds for those who do not use MAC filters in their environments. If that is the case, just fire up the CLI and enter config macfilter radius-compat cisco at the wlc prompt.
For those who do use MAC filters with their Cisco gear, the CLI provides a way out by allowing the MAC filter compatibility setting to be modified.
Keep in mind that Cisco is only providing these workarounds for those who are unable to patch immediately. The networking gear biz wants customers to understand that it is not responsible if mitigation efforts fail.
“While these workarounds have been deployed and proven successful in a test environment, customers must determine their applicability and effectiveness in their own environment and under their own conditions of use,” warns the advisory.
Speaking of serious bugs, HP this month updated its Teradici PCoIP client to close the libexpat security flaw as well as the OpenSSL DoS hole we covered earlier.