N/A

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

使用硬编码的凭证

Cisco IOS XE 信任管理问题漏洞

Cisco IOS XE是美国思科（Cisco）公司的一个操作系统。用于企业有线和无线访问，汇聚，核心和WAN的单一操作系统，Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE存在信任管理问题漏洞，该漏洞源于硬编码JSON Web Token，可能导致文件上传和路径遍历攻击。

N/A

N/A