Cisco has released a software fix to address the maximum security flaws in IOS XE wireless controllers.
The vulnerability tracked as CVE-2025-20188 is rated 10.0 by the CVSS scoring system.
“The vulnerability is due to the presence of hard-coded JSON Web Tokens (JWTs) on affected systems,” the company said in advice Wednesday.
“Attackers can exploit this vulnerability by sending HTTPS requests created in the AP image download interface. A successful exploit allows an attacker to upload a file, perform a past traversal, and execute arbitrary commands using root privileges.”
That being said, for successful exploitation, you need to enable out-of-band AP image download functionality on your device. It is disabled by default.
The following products are affected if you are running a vulnerable release and the out-of-band AP image download feature is turned on.
CATALYST 9800-CL Cloud Catalyst Wireless Controller for Catalyst 9800 Series Wireless Controller Embedded Wireless Controller Catalyst APS
Updates to the latest version are the best action course as a temporary mitigation, but users can disable the feature until they can perform the upgrade.
“If you disable this feature, downloading AP images will use the CAPWAP method for the AP image update feature, which will not affect the AP client state,” Cisco added.
Networking Equipment Major credited the XB of the Cisco Advanced Security Initiatives Group (ASIG) who discovered reports of a bug during internal security testing. There is no evidence that the vulnerability was exploited in the wild.
Source link
