Broken password check algorithm lets anyone log into Cisco's Wi-Fi admin software
Specially crafted credentials grant remote high-privilege access? That's a 10 out of 10 in severity

Cisco on Tuesday issued a critical security advisory for its Wireless LAN Controller (WLC), used in various Cisco products to manage wireless networks.

A vulnerability in the software's authentication code (bug type CWE-303) could allow an unauthenticated remote attacker to bypass authentication controls and login to the device via its management interface.

"This vulnerability is due to the improper implementation of the password validation algorithm," Cisco's advisory says. "An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials.

"A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator."