Incorrect Implementation of Authentication Algorithm in Cisco Systems, Inc products - CVE-2022-20695
Published: April 14, 2022
Vulnerability identifier: #VU62340
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-20695
CWE-ID: CWE-303
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Wireless LAN Controller Software
Virtual Wireless Controller
3504 Wireless Controller
5520 Wireless Controller
8540 Wireless Controller
Cisco Mobility Express
Wireless LAN Controller Software
Virtual Wireless Controller
3504 Wireless Controller
5520 Wireless Controller
8540 Wireless Controller
Cisco Mobility Express
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the improper implementation of the password validation algorithm in the authentication functionality. A remote attacker can bypass authentication and log in to the device as an administrator.
How to mitigate CVE-2022-20695
Install updates from vendor's website.