https://www.theregister.com/2022/04/14/cisco_wireless_controller_flaw/?td=rt-3a
(patch available apparently)
"A vulnerability in the software's authentication code (bug type
CWE-303) could allow an unauthenticated remote attacker to bypass authentication controls and login to the device via its management
interface."
"An attacker could exploit this vulnerability by logging in to an
affected device with crafted credentials."
"A successful exploit could allow the attacker to bypass authentication
and log in to the device as an administrator."
"The advisory refers to the vulnerability as CVE-2022-20695"
There are a couple of workarounds mentioned in the article for those
unable to patch immediately.
--
(aka 'Bombastic Bob' in case you wondered)
'Feeling with my fingers, and thinking with my brain' - me
'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)