Cisco has released an advisory to address an authentication bypass vulnerability in the management interface of Cisco Wireless LAN Controller (WLC) software. This vulnerability allows an unauthenticated remote attacker to bypass authentication controls and log in to the device through the management interface.
This vulnerability exists due to an incorrect implementation of the password validation mechanism. An attacker could exploit this flaw by logging in to an affected device with forged credentials. A successful exploit could allow the attacker to bypass authentication and obtain privileges equal to the administrative level, although this depends on the forged credentials.
This vulnerability is present only in a non-default device configuration.
Affected versions
The vulnerability affects the following Cisco products if they are running Cisco WLC Software Release 8.10.151.0 or Release 8.10.162.0 and have macfilter radius compatibility configured as Other:
- 3504 Wireless Controller
- 5520 Wireless Controller
- 8540 Wireless Controller
- Mobility Express
- Virtual Wireless Controller (vWLC)
Workarounds
Cisco has mentioned the following workarounds to address the vulnerability. Choose one of the following mitigations based on your environment:
Option 1: No Macfilters in the Environment
If you do not use macfilters, you can reset the macfilter radius compatibility mode to the default value using the following CLI command:
wlc > config macfilter radius-compat cisco
Option 2: Macfilters in the Environment
If you use macfilters and can change the RADIUS server configuration to match one of the other compatibility modes, you can set the macfilter compatibility mode to either cisco or free using one of the following CLI commands:
wlc > config macfilter radius-compat cisco
wlc > config macfilter radius-compat free
For more information about the different macfilter compatibility modes, refer to the following: Cisco Wireless Controller Command Reference.
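The following added example (not code from Cisco or Qualys) turns the affected-release list and the workaround above into a small triage check: it parses a constructed controller snapshot for the software release and the macfilter RADIUS compatibility mode, flags the combination the advisory describes, and returns the matching workaround command. The dotted "Label.... value" layout and the field names "Product Version" and "MAC Filter RADIUS Compatibility mode" are assumptions about the AireOS show output and should be verified against a real controller.

```python
import re

# Releases and the non-default setting that the Cisco advisory ties the
# authentication bypass to (values taken from the advisory text above).
AFFECTED_VERSIONS = {"8.10.151.0", "8.10.162.0"}
VULNERABLE_MODE = "other"


def sample_output(version, mode):
    """Build a constructed controller snapshot. The dotted 'Label.... value'
    layout mimics AireOS 'show sysinfo' / 'show macfilter summary' lines as
    assumed here; verify the exact labels against a real controller."""
    return ("Product Name..................................... Cisco Controller\n"
            f"Product Version.................................. {version}\n"
            f"MAC Filter RADIUS Compatibility mode............. {mode}\n")


def parse_field(text, label):
    """Return the value following 'label....' in a dotted-line dump, or None."""
    pattern = r"^" + re.escape(label) + r"\.+\s*(\S+)\s*$"
    match = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def assess(text):
    """Decide whether the snapshot matches the advisory's vulnerable state:
    an affected release AND macfilter radius-compat set to 'other'."""
    version = parse_field(text, "Product Version")
    mode = parse_field(text, "MAC Filter RADIUS Compatibility mode")
    if version is None or mode is None:
        return {"version": version, "mode": mode, "exposed": None,
                "reason": "could not parse version or compatibility mode"}
    mode = mode.lower()
    exposed = version in AFFECTED_VERSIONS and mode == VULNERABLE_MODE
    if version not in AFFECTED_VERSIONS:
        reason = f"release {version} is not listed as affected"
    elif not exposed:
        reason = f"compatibility mode is '{mode}', not 'other'"
    else:
        reason = "affected release with radius-compat set to other"
    return {"version": version, "mode": mode, "exposed": exposed, "reason": reason}


def workaround(uses_macfilters):
    """Return the advisory's CLI workaround commands for the deployment type."""
    if not uses_macfilters:
        return ["config macfilter radius-compat cisco"]
    return ["config macfilter radius-compat cisco",
            "config macfilter radius-compat free"]
```

Run `assess(sample_output("8.10.151.0", "Other"))` to see the exposed case; feed real show output to `assess` only after confirming the field labels match your controller.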
Mitigation
Cisco has released software updates that address this vulnerability. Customers are advised to refer to the Cisco Security Advisory for more information.
Qualys Detection
Qualys customers can scan their devices with QID 317143 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF