Successful exploitation of the flaw could allow attackers to upload files, perform path traversal, and execute arbitrary commands with root privileges.
Non-WLC instances remain unaffected
According to the advisory, customers running IOS XE Software instances on devices that aren’t functioning as WLCs aren’t vulnerable.
The flaw only affects WLC instances, which include products like Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches, Catalyst 9800 Series Wireless Controllers, and Embedded Wireless Controller on Catalyst APs. Additionally, Cisco noted that for exploitation to succeed, the Out-of-Band AP Image Download feature must be enabled on the device, which isn’t a default setting.
These requirements rule out some widely used Cisco products from the list of vulnerable products, including IOS Software, IOS XR Software, Meraki products, NX-OS Software, and WLC AireOS Software.