A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file ...| sec.cloudapps.cisco.com
The bug can allow unauthorized, remote attackers to upload arbitrary files on devices running buggy IOS XE Software instances.| CSO Online
Security experts call vulnerability a 'textbook case' of dangerous coding practices; Cisco issues urgent patch.| CSO Online
This document explains common problems with getting Open Shortest Path First (OSPF) neighbors to become fully adjacent.| Cisco
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Fix information can be found in the Fixed Software section of this advisory. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local u...| sec.cloudapps.cisco.com
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash m...| sec.cloudapps.cisco.com
psirt, security vulnerability, vulnerability, policy| sec.cloudapps.cisco.com