CRITICAL✓ PATCH🇬🇧 English

CVE-2022-20695

CVSS 10.0v3.1pub. 2022-04-15upd. 2024-11-21

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco 3504 Wireless Controller

    HW
    Cisco
    wszystkie wersje
  • Cisco 5520 Wireless Controller

    HW
    Cisco
    wszystkie wersje
  • Cisco 8540 Wireless Controller

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1540

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1542d

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1542i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1560

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1562d

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1562e

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1562i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1815

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1815i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1815m

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1815t

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1815w

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1830

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1830e

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1830i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1832

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1850

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1850e

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1850i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1852

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 2800

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 2800e

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 2800i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 3800

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 3800e

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 3800i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 3800p

    HW
    Cisco
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2019-15260CRITICAL9.8ten sam produkt

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker ...

CVE-2017-3831CRITICAL9.8ten sam produkt

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauth...

CVE-2022-20769HIGH7.4ten sam produkt

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software cou...

CVE-2021-34740HIGH7.4ten sam produkt

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software...

CVE-2021-1419HIGH7.8ten sam produkt

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a lo...

CVE-2022-20695 — CRITICAL 10.0 | CVEbaza.pl