Checking for incorrect passwords allows anyone to connect to Cisco WLAN checks • The Registry

Cisco on Tuesday issued a critical security advisory for its Wireless LAN Controller (WLC), which is used in various Cisco products to manage wireless networks.

A vulnerability in the authentication code of the software (type bug CWE-303) could allow an unauthenticated remote attacker to bypass authentication checks and log into the device through its management interface.

“This vulnerability is caused by improper implementation of the password validation algorithm,” Cisco said. advisory said. “An attacker could exploit this vulnerability by logging into an affected device with specially crafted credentials.

“A successful exploit could allow the attacker to bypass authentication and log into the device as an administrator.”

The advisory refers to the vulnerability as CVE-2022-20695 and notes that if the flaw is successfully exploited, the attacker can gain administrator privileges. Cisco assigned the vulnerability a severity rating of 10.0 out of 10.0. That’s as bad as it gets for those whose rating scale doesn’t go to 11.0, aka “the call is coming from inside the house!”

The following Cisco products are affected if they are running Cisco WLC software version or and the MAC filter RADIUS compatibility mode is set to Other:

  • 3504 Wireless Controller
  • 5520 wireless controller
  • 8540 Wireless Controller
  • Express Mobility
  • Virtual Wireless Controller (vWLC)

This setting, if not overriding, can be determined by entering the show macfilter summary command in the wlc command line interface for the device.

Creating a MAC address filter on a WLC provides administrators with a way to grant or deny access to the WLAN network based on the MAC address of the client. Cisco WLCs support local MAC authentication or MAC authentication using a RADIUS server.

The advisory, while dire, outlines potential workarounds for those who don’t use MAC filters in their environment. If so, just launch the CLI and enter config macfilter radius-compat cisco at the wlc prompt.

Even for those who To do use macfilters with their Cisco equipment, the CLI provides a way out by allowing modification of the macfilter compatibility setting either cisco or free.

Keep in mind that Cisco only provides these workarounds to people unable to fix immediately. The network equipment industry wants customers to understand that it is not responsible if mitigation efforts go wrong.

“Although these workarounds have been deployed and shown to be effective in a test environment, customers should determine applicability and effectiveness in their own environment and under their own operating conditions,” the advisory warns. .

Warning machine. ®

Speaking of serious bugs, HP this month update its Teradici PCoIP client to close a bunch security vulnerabilities of libexpat as well as OpenSSL DoS hole we covered earlier.

Comments are closed.