Cisco Warns of Critical Flaw in Wireless Controller Software
By Netvora Tech News
Cisco has issued a warning about a critical vulnerability in its IOS XE wireless controller software, which allows an unauthenticated remote attacker to execute arbitrary commands with root privileges. The flaw, rated 10.0 on a scale of 1 to 10, is caused by a hardcoded JSON Web Token (JWT) and can be exploited by sending a specially crafted HTTPS request to the Out-of-Band Access Point (AP) image download feature.
Impact and Exploitation
The vulnerability, identified as CVE-2025-20188, affects the Cisco IOS XE Software for Wireless LAN Controllers (WLCs) used to manage wireless networks. This includes the Catalyst 9800-CL wireless controllers for cloud, Catalyst 9800 embedded wireless controller for Catalyst 9300, 9400, and 9500 switches, Catalyst 9800 wireless controllers, and embedded wireless controller on Catalyst access points.
A remote attacker can exploit the vulnerability by sending a specially crafted HTTPS request to the Out-of-Band AP image download feature. This allows the attacker to upload arbitrary files to a vulnerable system, execute arbitrary commands with root privileges, and perform path traversal.
However, the attacker must first enable the affected feature, which is not enabled by default.
Cisco Response
Cisco has released updates to mitigate the vulnerability and is not aware of any exploitation of the flaw. The company discovered the issue itself and has warned customers to take immediate action to patch their systems.
- Cisco's warning highlights the importance of keeping software up to date to prevent critical vulnerabilities.
- The hardcoded JWT in the wireless controller software is a significant security concern, as it allows unauthorized access to the system.
- Customers are advised to enable the Out-of-Band AP image download feature only when necessary and to ensure that the feature is properly configured to prevent exploitation.
Comments (0)
Leave a comment