Cisco Issues an Advisory for WiFi Admin Software
Cisco has issued a critical security advisory for its wireless LAN controller (WLC). This warning has a severity rating of 10.0 out of 10.0 — in other words, it is a five-alarm fire for Cisco devices running WLC software releases 8.10.151 to 8.10.162 with MAC filter RADIUS Compatibility mode set to Other. This bug appears in the MITRE database as CWE-303. Some of the devices affected by the bug include the 3504, 5520, and 8540 Cisco wireless controllers, as well as Cisco’s Virtual Wireless Controller (vWLC) and Mobility Express devices.
According to the advisory, an attacker who logs into the device with well-crafted credentials could bypass the authentication mechanism and gain administrative access. A patch for this bug is available now, and Cisco recommends patching immediately. If you aren’t able to patch right now, the company provides some workarounds to better protect your system until you can.