Cisco Warns About Flaw That Gives Hackers Access Without Passwords

Cisco has issued a warning on a critical vulnerability in the Wireless LAN Controller (WLC) software.

The bug, traced as CVE-2022-20659, allows remote attackers to login to target devices via the management interface without using a valid password.

The bug is exploited through the improper implementation of the password validation algorithm, which makes it possible to bypass the standard authentication procedure for non-default device configurations.

Products affected by the vulnerability are products running Cisco WLC software or release that have “macfilter radius compatibility” configured as “Other.” Products include 3504 Wireless Controller, 5520 Wireless Controller, 8540 Wireless Controller, Mobility Express, and Virtual Wireless Controller (vWLC).

Administrators can determine if their configuration is vulnerable by running the “show macfilter summary” command. If the RADIUS compatibility mode returns “Other,” you’re vulnerable to attacks.

To fix the bug, users are advised to apply the latest available security updates ( or later) released by Cisco. This fixes the flaw irrespective of the configuration a user is using.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web