A critical vulnerability in Cisco IOS XE allows remote code execution through an arbitrary file upload due to a hardcoded JWT. Exploitation could enable attackers to perform root commands on affected Cisco devices such as Catalyst wireless controllers and switches. #CVE202520188 #CiscoIOSXE
Keypoints
- The vulnerability has a CVSS score of 10/10, indicating severe risk.
- It affects the Out-of-Band AP image download feature on specific Cisco devices.
- Successful exploitation can lead to path traversal, arbitrary file upload, and root command execution.
- Threat actors can exploit the flaw remotely via crafted HTTPS requests without authentication.
- Cisco recommends upgrading to patched software or disabling the vulnerable feature to mitigate the risk.
Views: 20