CVE-2022-20695Incorrect Implementation of Authentication Algorithm in Cisco Wireless LAN Controller

CWE-303Incorrect Implementation of Authentication AlgorithmCWE-287Improper Authentication4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
2.7%
top 14.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Wireless LAN Controller
Timeline
PublishedApr 15
Latest updateApr 16

Description

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass au

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2cxv-rmxp-hvp9: A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to2022-04-16
CVEList
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability2022-04-15

📋Vendor Advisories

1
Cisco
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability2022-04-13
CVE-2022-20695 — Cisco vulnerability | cvebase