Cisco IOS-XE Arbitrary File Upload Vulnerability #
Cisco has disclosed a vulnerability for its IOS-XE operating system when running on Catalyst wireless LAN controllers. If successfully exploited, this vulnerability would allow a remote, unauthenticated attacker to upload arbitrary files to a vulnerable system. Successfully exploiting this vulnerability could result in arbitrary code execution with root privileges.
The vulnerability has been assigned CVE-2025-20188 and has a CVSS score of 10.0 (critical).
What is the impact? #
Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code with root privileges.
Are updates or workarounds available? #
Cisco has made software updates available and advises customers to update as quickly as possible.
This vulnerability can also be mitigated by disabling the “Out-of-Band AP Image Download” feature on affected systems.
How do I find potentially vulnerable systems with runZero? #
From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:
os:="Cisco IOS XE" AND hw:"Catalyst" AND (
(osversion:>="17.7.0" AND osversion:<="17.7.1")
OR (osversion:>="17.10.0" AND osversion:<="17.10.1")
OR (osversion:>="17.8.0" AND osversion:<="17.8.1")
OR (osversion:>="17.9.0" AND osversion:<="17.9.5")
OR (osversion:>="17.11.0" AND osversion:<="17.11.1")
OR (osversion:>="17.12.0" AND osversion:<="17.2.3")
OR (osversion:>="17.13.0" AND osversion:<="17.13.1")
OR (osversion:>="17.14.0" AND osversion:<="17.14.1")
OR (osversion:>="17.11.0" AND osversion:<="17.11.99")
)
September 26th, 2024 #
Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication which includes software updates that addresses the following vulnerabilities in their IOS & IOS XE software.
|
CVE |
Status |
CVSS Score |
|
High |
8.6 |
|
|
High |
8.6 |
|
|
High |
8.6 |
|
|
High |
8.6 |
|
|
High |
8.6 |
|
|
High |
8.6 |
|
|
High |
8.1 |
|
|
Medium |
6.5 |
|
|
Medium |
6.5 |
|
|
Medium |
5.8 |
|
|
Medium |
4.7 |
|
|
Medium |
4.3 |
What is the impact? #
Successful exploitation of these vulnerabilities range from denial-of-service attacks, privilege escalation, and arbitrary code execution.
Are updates or workarounds available? #
Cisco has indicated on each of these there are software updates available that its customers should apply to fix the issues outline in the advisory.
How do I find potentially vulnerable systems with runZero? #
From the Service Inventory, use the following query to locate systems running potentially vulnerable software:
os:"Cisco IOS%"October 25, 2021 #
Cisco Systems has disclosed 14 vulnerabilities in their devices which run Cisco IOS & IOS XE software.
|
CVE |
Status |
CVSS Score |
|
High |
8.6 |
|
|
High |
8.6 |
|
|
High |
8.6 |
|
|
High |
8.6 |
|
|
High |
7.4 |
|
|
High |
7.4 |
|
|
High |
7.4 |
|
|
High |
7.4 |
|
|
Medium |
6.5 |
|
|
Medium |
6 |
|
|
Medium |
5.8 |
|
|
Medium |
5.6 |
|
|
Medium |
5.5 |
What is the impact? #
Successful exploitation of these vulnerabilities range from denial-of-service attacks, privilege escalation, and arbitrary code execution.
Are updates or workarounds available? #
There are no workarounds for these vulnerabilities.
Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
How do I find potentially vulnerable systems with runZero? #
From the Service Inventory, use the following query to locate systems running potentially vulnerable software:
os:"Cisco IOS%"CVE-2023-20198 (October 2021) #
In October 2021, an actively exploited critical zero-day vulnerability surfaced in the Cisco IOS-XE operating system, used on Cisco routers, switches, and other devices. Deemed “critical” in severity with a CVSS score of 10 out of 10, this vulnerability affected any device running Cisco IOS-XE with the Web UI component enabled.
What was the impact? #
Upon successful exploitation, this vulnerability (tracked as CVE-2023-20198) allowed attackers to execute arbitrary commands on the vulnerable system. This included the creation of privileged users, installation of additional modules or code, and, in general, total system compromise.
Cisco recommended disabling the Web UI component of all Internet-facing IOS-XE devices.
How runZero users found potentially vulnerable Cisco IOS-XE devices #
From the Services Inventory, the following query was used to locate assets running the Cisco IOS-XE operating system in a network that exposed a web interface and which may have needed remediation or mitigation:
(products:nginx OR products:openresty) AND _asset.protocol:http AND protocol:http AND http.body:"window.onload=function%url%=%/webui"About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.