Successful exploitation of the flaw could allow attackers to upload files, perform path traversal, and execute arbitrary commands with root privileges.
Non-WLC instances remain unaffected
According to the advisory, customers running IOS XE Software instances on devices that aren’t functioning as WLCs aren’t vulnerable.
The flaw only affects WLC instances, which include products such as Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches, Catalyst 9800 Series Wireless Controllers, and Embedded Wireless Controller on Catalyst APs. Additionally, Cisco noted that for exploitation to succeed, the Out-of-Band AP Image Download feature must be enabled on the device, which isn’t a default setting.
The stated requirements strike some widely used Cisco products off the vulnerable products list, including IOS Software, IOS XR Software, Meraki products, NX-OS Software, and WLC AireOS Software.