CVE-2022-20695

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory.

Severity	CRITICAL
CVSS	10.0
EPSS	-
CWE	CWE-303
KEV
Published	4 years ago
Modified	1 year ago

CSAF Product Statuses

Product	Status	Source	Advisory	Rows
Cisco 3500 Series Wireless Controllers	known_affected	cisco_csaf	cisco-sa-wlc-auth-bypass-JRNhV4fF	2
Cisco 5500 Series Wireless Controllers	known_affected	cisco_csaf	cisco-sa-wlc-auth-bypass-JRNhV4fF	2
Cisco 8500 Series Wireless Controllers	known_affected	cisco_csaf	cisco-sa-wlc-auth-bypass-JRNhV4fF	2
Cisco Virtual Wireless Controller	known_affected	cisco_csaf	cisco-sa-wlc-auth-bypass-JRNhV4fF	2

Related Products

Product	Advisory
Cisco 5500 Series Wireless Controllers	cisco-sa-wlc-auth-bypass-JRNhV4fF
Cisco Wireless LAN Controller (WLC)	cisco-sa-wlc-auth-bypass-JRNhV4fF
Cisco 3500 Series Wireless Controllers	cisco-sa-wlc-auth-bypass-JRNhV4fF
Cisco 8500 Series Wireless Controllers	cisco-sa-wlc-auth-bypass-JRNhV4fF
Cisco Virtual Wireless Controller	cisco-sa-wlc-auth-bypass-JRNhV4fF
Cisco 8500 Series Secure Routers	cisco-sa-wlc-auth-bypass-JRNhV4fF