#VU62340 Incorrect Implementation of Authentication Algorithm in Cisco Systems, Inc products - CVE-2022-20695
Published: April 14, 2022
Vulnerability identifier: #VU62340
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-20695
CWE-ID: CWE-303
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Wireless LAN Controller Software
Virtual Wireless Controller
3504 Wireless Controller
5520 Wireless Controller
8540 Wireless Controller
Cisco Mobility Express
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to the improper implementation of the password validation algorithm in the authentication functionality. A remote attacker can bypass authentication and log in to the device as an administrator.
Remediation
Install updates from the vendor's website.