CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-20188

CVSS 10.0v3.1pub. 2025-05-07upd. 2025-06-23

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

🤖 AI Analysis
How it works

The root cause of the vulnerability is the presence of a hardcoded JWT (JSON Web Token) token in Cisco IOS XE software. An attacker sends crafted HTTPS requests to the AP file upload interface, authenticating using this token without possessing any credentials of their own. Successful exploitation enables uploading arbitrary files to the vulnerable system and performing path traversal to place them in selected file system locations. As a result, it is possible to execute arbitrary commands with root privileges.

Impact

An attacker can gain full control of the device — upload malicious files, modify system configuration, and execute arbitrary commands with the highest privileges (root), resulting in complete violation of the device's confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to the references — detailed information about fixed versions is contained in the official Cisco advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC. As a temporary workaround, consider restricting access to the AP file upload interface at the network level.

Who is affected

Cisco IOS XE Software for Wireless LAN Controllers (WLC) — versions indicated in the vendor's references (Cisco advisory).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco IOS XE

    OS
    Cisco
    17.11.117.11.99sw17.12.117.12.217.12.317.13.117.14.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2023-20198CRITICAL10.0⚠ KEVten sam produkt

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2018-0151CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...

CVE-2017-3881CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...

CVE-2025-20363CRITICAL9.0PL ✓ten sam produkt

RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP

CVE-2021-34770CRITICAL10.0ten sam produkt

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisc...