What is CVE-2022-20695?

CVE-2022-20695 is a critical-severity vulnerability in Cisco Wireless Lan Controller (Wlc), classified under Incorrect Implementation of Authentication Algorithm. CVSS score: 10.0/10. Published 2022-04-15.

How severe is CVE-2022-20695?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Vulnerability in Cisco Wireless Lan Controller (Wlc)

CVE-2022-20695

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface…

EPSS: 0.027 (86.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Cisco Wireless Lan Controller (Wlc) — versions n/a

Weakness classification (CWE)

CWE-303 — Incorrect Implementation of Authentication Algorithm

References

20220413 Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2022-20695?: CVE-2022-20695 is a critical-severity vulnerability in Cisco Wireless Lan Controller (Wlc), classified under Incorrect Implementation of Authentication Algorithm. CVSS score: 10.0/10. Published 2022-04-15.
How severe is CVE-2022-20695?: Critical severity. CVSS v3 base score is 10.0 out of 10.