Cisco patches max-severity flaw allowing arbitrary command execution

Successful exploitation of the flaw could allow attackers to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Non-WLC instances remain unaffected

According to the advisory, customers running IOS XE Software instances on devices that aren’t functioning as WLCs aren’t vulnerable.

The flaw only affects WLC instances that include products like Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches, Catalyst 9800 Series Wireless Controllers, and Embedded Wireless Controller on Catalyst APs. Additionally, Cisco noted that for the exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device, which isn’t a default setting.

The said requirements strike off some widely used Cisco products from the vulnerable products list, including IOS Software, IOS XR Software, Meraki products, NX-OS Software, and WLC AireOS Software.

What's Hot

India has changed its startup rules for deep tech

How Elon Musk is rewriting the rules on founder power

Reddit says it’s looking for more acquisitions in adtech and elsewhere

AI is becoming introspective – and that ‘should be monitored carefully,’ warns Anthropic

Perplexity’s new AI tool lets you search patents with natural language – and it’s free

Are laser-powered tape measures legit? It took just minutes to make me a believer

College social app Fizz expands into grocery delivery

A Former Apple Luminary Sets Out to Create the Ultimate GPU Software

The Reason Murderbot’s Tone Feels Off

Most Popular