- Cisco has patched a 10/10 flaw in IOS XE software for wireless LAN controllers
- The flaw stems from a hard-coded token
- There is no evidence of exploitation in the wild (yet)
Cisco has released a patch for a maximum-severity flaw in its IOS XE software for wireless LAN controllers that could allow threat actors to take over vulnerable endpoints.
The flaw is another case of hard-coded credentials, this time in the form of a JSON Web Token (JWT). "An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface," explains the NVD entry. "A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges."
The vulnerability is tracked as CVE-2025-20188 and carries the maximum severity score: 10/10 (critical).
No mitigations
It was also noted that the vulnerability can only be exploited on devices that have the Out-of-Band AP Image Download feature enabled, which is not the case in the default configuration.
According to BleepingComputer, this feature allows access points to download operating system images over HTTPS instead of CAPWAP, a somewhat more flexible and direct way of delivering firmware to access points.
The publication says that although the feature is off by default, some large-scale or automated enterprise deployments have turned it on.
Unfortunately, there are no mitigations for the flaw. The best way to minimize the risk of exposure is to apply the patch. A possible workaround is to disable the out-of-band image download feature, which may work well if the company is not using it.
Cisco said it has not seen evidence of exploitation in the wild, but users should still be on guard.
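The exposure condition above (patched or not, feature enabled or not) is easy to turn into a quick triage check over saved running-configs. The following is an added example, not code from Cisco or from the article. It assumes that on Catalyst 9800 controllers the out-of-band AP image download feature shows up in the running configuration as the line `ap upgrade method https`; that command name is an assumption to verify against Cisco's configuration guide for your release. The sample configs are constructed for illustration.

```python
import re

# Constructed sample excerpts of `show running-config` output (not from real devices).
SAMPLE_OOB_ENABLED = """\
hostname wlc-9800-lab-1
!
ap upgrade method https
!
wireless management interface Vlan10
"""

SAMPLE_DEFAULT = """\
hostname wlc-9800-lab-2
!
no ap upgrade method https
!
wireless management interface Vlan10
"""

# ASSUMPTION: the out-of-band AP image download feature appears in the config as
# "ap upgrade method https". A leading "no " means it is disabled, and the anchored
# regex deliberately does not match that negated form.
OOB_IMAGE_DOWNLOAD_LINE = re.compile(r"^\s*ap upgrade method https\s*$", re.MULTILINE)


def oob_image_download_enabled(running_config: str) -> bool:
    """Return True if the (assumed) out-of-band AP image download line is present."""
    return OOB_IMAGE_DOWNLOAD_LINE.search(running_config) is not None


def assess_controller(hostname: str, running_config: str, patched: bool) -> dict:
    """Classify one controller according to the article's exposure conditions.

    - patched:           fixed release installed, nothing further needed
    - exposed:           unpatched and the feature is on; patch now, or disable the
                         feature if it is not in use
    - not-exposed-config: unpatched but the feature is off; patch on the normal cycle
    """
    oob_enabled = oob_image_download_enabled(running_config)
    if patched:
        status, action = "patched", "none"
    elif oob_enabled:
        status, action = "exposed", "apply the patch; disable the feature if unused"
    else:
        status, action = "not-exposed-config", "apply the patch on the normal schedule"
    return {
        "hostname": hostname,
        "oob_image_download_enabled": oob_enabled,
        "patched": patched,
        "status": status,
        "action": action,
    }


def triage(inventory: list) -> list:
    """Run the assessment over a list of (hostname, running_config, patched) tuples."""
    return [assess_controller(h, cfg, patched) for h, cfg, patched in inventory]


if __name__ == "__main__":
    inventory = [
        ("wlc-9800-lab-1", SAMPLE_OOB_ENABLED, False),
        ("wlc-9800-lab-2", SAMPLE_DEFAULT, False),
        ("wlc-9800-lab-3", SAMPLE_OOB_ENABLED, True),
    ]
    for row in triage(inventory):
        print(f"{row['hostname']}: {row['status']} -> {row['action']}")
```

Feed it configs pulled from your controllers by whatever backup or automation tooling you already run; the point is to separate the small set of devices that are actually reachable through the vulnerable interface from the rest, so the patch window can be prioritized.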
Here is the list of vulnerable devices:
Catalyst 9800-CL Wireless Controllers for Cloud
Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400 and 9500 Series Switches
Catalyst 9800 Series Wireless Controllers
Embedded Wireless Controller on Catalyst APs
And here is the list of devices that are not affected:
Cisco IOS (non-XE)
Cisco IOS XR
Cisco Meraki products
Cisco NX-OS
Cisco AireOS-based WLCs