Cisco patches max-severity flaw allowing arbitrary command execution

Successful exploitation of the flaw could allow attackers to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Non-WLC instances remain unaffected

According to the advisory, customers running IOS XE Software instances on devices that aren’t functioning as WLCs aren’t vulnerable.

The flaw only affects WLC instances that include products like Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches, Catalyst 9800 Series Wireless Controllers, and Embedded Wireless Controller on Catalyst APs. Additionally, Cisco noted that for the exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device, which isn’t a default setting.

The said requirements strike off some widely used Cisco products from the vulnerable products list, including IOS Software, IOS XR Software, Meraki products, NX-OS Software, and WLC AireOS Software.

What's Hot

Orbio raises $21 million to automate hiring and onboarding for frontline workers

As AI companies race to go public, who else is along for the ride?

As Anthropic suspends access to new models, India debates its AI future

AI is becoming introspective – and that ‘should be monitored carefully,’ warns Anthropic

Perplexity’s new AI tool lets you search patents with natural language – and it’s free

Are laser-powered tape measures legit? It took just minutes to make me a believer

College social app Fizz expands into grocery delivery

SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

Future of Digital Privacy and Security: 7 Truths Nobody Tells You

What's Hot

Cisco patches max-severity flaw allowing arbitrary command execution

Non-WLC instances remain unaffected

Related Posts

Join the Techurz Brief