Subj : Cisco has patched a worrying flaw which could have let attackers To : All From : TechnologyDaily Date : Fri May 09 2025 16:00:09 Cisco has patched a worrying flaw which could have let attackers hijack devices Date: Fri, 09 May 2025 14:44:00 +0000 Description: Another day, another hardcoded token, as Cisco moves to defend against threats. FULL STORY ======================================================================Cisco has patched a 10/10 flaw in IOS XE Software for Wireless LAN Controllers The flaw was due to hardcoded tokens There is no evidence of abuse in the wild (yet) Cisco has released a patch for a maximum-severity flaw found in its IOS XE Software for Wireless LAN Controllers which could have allowed threat actors to take over vulnerable endpoints. The flaw is yet another case of hardcoded credentials, this time in the form of a JSON Web Token (JWT). An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface, it is explained in the NVD website. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. The vulnerability is now tracked as CVE-2025-20188, and has the maximum security score - 10/10 (critical). No mitigations It was also noted that the vulnerability can only be exploited on devices that have the Out-of-Band Image Download feature enabled which, on default settings, is not the case. According to BleepingComputer , this is a feature that allows access points to download OS images via HTTPS instead of CAPWAP, which is a somewhat more flexible and direct way of getting firmware onto access points. The publication says that while its off by default, some large-scale or automated enterprise deployments have turned it on. Unfortunately, there are no mitigations for the flaw. The best way to minimize the risk of exposure is to deploy the patch. A possible workaround is to disable the Out-of-Band Image Download feature, which could work well if the enterprise isnt actually using it. Cisco said it hasnt seen evidence of in-the-wild abuse just yet, but users should still be on their guard. Here is a list of vulnerable devices: Catalyst 9800-CL Wireless Controllers for Cloud Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches Catalyst 9800 Series Wireless Controllers Embedded Wireless Controller on Catalyst APs And here is a list of devices that are safe to use: Cisco IOS (non-XE) Cisco IOS XR Cisco Meraki products Cisco NX-OS Cisco AireOS-based WLCs You might also like Millions of online shoppers could be at risk from hardcoded Shopify tokens Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/cisco-has-patched-a-worrying-flaw-which -could-have-let-attackers-hijack-devices --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .