Full Report
Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. [...]
Analysis Summary
# Vulnerability: Critical Arbitrary Command Execution in Cisco IOS XE AP Image Download Interface
## CVE Details
- CVE ID: CVE-2025-20188 (Inferred, as CVE is not explicitly stated but implied for the main high-severity flaw)
- CVSS Score: 10.0 (Critical) (Inferred based on description "max severity" and root access potential)
- CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) - Inferred from arbitrary command execution/path traversal.
## Affected Systems
- Products:
- Catalyst 9800-CL Wireless Controllers for Cloud
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst APs
- Versions: Not specified, but all versions where the feature is enabled.
- Configurations: **Requires the 'Out-of-Band AP Image Download' feature to be enabled.** (This feature is disabled by default).
## Vulnerability Description
The vulnerability exists in the File Upload/Download interface related to the 'Out-of-Band AP Image Download' feature on Cisco IOS XE devices. An unauthenticated, remote attacker can exploit this flaw by sending specially crafted HTTPS requests to the AP image download interface. A successful exploit allows the attacker to upload arbitrary files, perform path traversal attacks, and ultimately execute arbitrary commands with **root privileges** on the affected device.
## Exploitation
- Status: Cisco is currently unaware of any active exploitation, but it is highly likely threat actors will begin scanning immediately due to the severity.
- Complexity: Low (Implied by the ability to exploit remotely with crafted HTTPS requests).
- Attack Vector: Network
## Impact
- Confidentiality: High (Root privileges allow access to sensitive data)
- Integrity: High (Ability to execute arbitrary commands allows system alteration)
- Availability: High (Ability to execute arbitrary commands can lead to system disruption)
## Remediation
### Patches
- Cisco has released security updates addressing this critical vulnerability. Administrators should consult the Cisco Software Checker tool using their specific device model to determine the exact fixed version.
### Workarounds
- **Disable the 'Out-of-Band AP Image Download' feature.** Since this feature is disabled by default, environments that have not explicitly enabled it for provisioning or recovery are not vulnerable to this specific vector.
## Detection
- Indicators of compromise would include unexpected file uploads to the device file system or the execution of unexpected system commands as the root user.
- Detection should focus on monitoring the file upload/download interface traffic associated with the AP Image Download feature for anomalous or malformed HTTPS requests.
## References
- Vendor Advisory Link: sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC (Defanged: sec[.]cloudapps[.]cisco[.]com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC)