Cisco has issued a security alert regarding a significant vulnerability (CVSS v3 score: 10.0) in the Wireless LAN Controller (WLC) software, which is tracked as CVE-2022-20695.
Because of this flaw, remote attackers can log in to target devices through the management interface without providing a valid password.
The flaw is caused by an incorrect implementation of the password validation method, which makes it possible to bypass the standard authentication procedure on devices with a non-default configuration.
If that configuration is present, an attacker can use crafted credentials to gain varying levels of privilege, potentially up to that of an administrative user.
Impact and remediation
The products impacted by this problem, according to Cisco’s alert, are those that run Cisco WLC Software 8.10.151.0 or Release 8.10.162.0 and have “macfilter radius compatibility” set to “Other.”
The following products are affected:
Mobility Express
Virtual Wireless Controller (vWLC)
3504 Wireless Controller
5520 Wireless Controller
8540 Wireless Controller
In addition, customers running the following builds, which are not available through the Software Center, should also consider themselves at risk: 8.10.151.4 to 8.10.151.10 and 8.10.162.1 to 8.10.162.14.
Finally, Cisco has confirmed that the following are not vulnerable to CVE-2022-20695:
Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
Catalyst 9800 Series Wireless Controllers
Catalyst 9800 Wireless Controller for Cloud
Embedded Wireless Controller on Catalyst Access Points
Wireless LAN Controller (WLC) AireOS devices not included in the Vulnerable Products section
Use the “show macfilter summary” command to see if your setup is susceptible. The device is exposed to attack if the RADIUS compatibility mode is reported as “Other.”
No matter what configuration you’re using, applying Cisco’s latest available security patches (8.10.171.0 or later) will resolve this issue.
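The two conditions above (an affected build and a RADIUS compatibility mode of “Other”) can be checked together across an inventory. The following Python sketch is an added example, not Cisco's code; the function names, result labels, and the layout of the sample macfilter summary output are assumptions, and the sample text is constructed.

```python
import re

# Affected builds as listed on this page: inclusive ranges of the fourth
# version field, keyed by the first three fields.
AFFECTED = {
    (8, 10, 151): [(0, 0), (4, 10)],
    (8, 10, 162): [(0, 0), (1, 14)],
}

# Constructed sample of macfilter summary output (layout is an assumption).
SAMPLE_SUMMARY = """\
MAC Filter RADIUS Compatibility mode............. Other
MAC Filter Delimiter............................. Single-Hyphen
MAC Filter Entries............................... 0
"""

def affected_version(version):
    """True if the version string is one of the builds listed as affected."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-field version, got {version!r}")
    return any(lo <= parts[3] <= hi for lo, hi in AFFECTED.get(parts[:3], []))

def radius_compat_mode(summary):
    """Return the RADIUS compatibility mode in lower case, or None if absent."""
    m = re.search(r"RADIUS\s+Compatibility\s+mode[\s.:]*([A-Za-z-]+)",
                  summary, re.IGNORECASE)
    return m.group(1).lower() if m else None

def assess(version, summary):
    """Combine both conditions the advisory requires for exposure."""
    if not affected_version(version):
        return "build-not-listed"
    mode = radius_compat_mode(summary)
    if mode is None:
        return "mode-unknown"        # could not parse: check by hand
    return "exposed" if mode == "other" else "affected-build-safe-mode"

if __name__ == "__main__":
    for ver in ("8.10.162.0", "8.10.151.7", "8.10.171.0"):
        print(ver, assess(ver, SAMPLE_SUMMARY))
```

A result of “affected-build-safe-mode” still calls for the upgrade, since only the configuration currently keeps the device out of the vulnerable state.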
Workarounds
For those who are unable to upgrade the Wireless LAN Controller, Cisco has suggested two workarounds.
The first approach is to use the command “config macfilter radius-compat cisco” to restore the “macfilter radius compatibility” mode to its default state.
The second alternative is to use the command “config macfilter radius-compat free” to change the setting to another safe mode, such as “free.”
Cisco isn’t aware of the vulnerability being actively exploited at the time of writing, and Bleeping Computer hasn’t received any reports of scanning attempts either.