- Cisco has patched a 10/10 flaw in IOS XE software for wireless LAN controllers
- The flaw was caused by hardcoded tokens
- There is no evidence of in-the-wild exploitation (yet)
Cisco has published a fix for a maximum-severity flaw in its IOS XE software for wireless LAN controllers, which could have allowed threat actors to take control of vulnerable devices.
The defect is yet another case of hardcoded credentials, this time in the form of a JSON Web Token (JWT). “An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface,” the NVD entry explains. “A successful exploit could allow the attacker to download files, perform path traversal and execute arbitrary commands with root privileges.”
The vulnerability is now tracked as CVE-2025-20188 and carries the maximum severity score of 10/10 (critical).
No mitigation
It has also been noted that the vulnerability can only be exploited on devices that have the image download feature enabled, which is not the case in the default configuration.
According to BleepingComputer, this is a feature that lets access points download operating-system images over HTTPS instead of CAPWAP, a somewhat more flexible and direct way of getting firmware onto access points.
The publication notes that even though it is disabled by default, some large-scale or automated enterprise deployments have enabled it.
Unfortunately, there is no mitigation for the flaw. The best way to minimize the risk of exposure is to deploy the patch. A possible workaround is to disable the out-of-band image download feature, which may well be acceptable if the organization does not actually use it.
Cisco said it had not yet seen evidence of exploitation in the wild, but users should nonetheless remain vigilant.
Here is a list of vulnerable products:
- Catalyst 9800-CL Wireless Controllers for Cloud
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400 and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst APs
And here is a list of products that are not affected:
- Cisco IOS (not XE)
- Cisco IOS XR
- Cisco Meraki products
- Cisco NX-OS
- Cisco AireOS-based WLCs