Cisco Wireless LAN Controllers under threat again after critical…

According to the Horizon3 analysis, a hard-coded JSON Web Token (JWT) is at the root of the exploit. “It’s crucial to eliminate hard-coded secrets from authentication workflows, enforce robust file upload validation and path sanitization, and maintain continuous monitoring and patch management across all critical systems,” Barne added.

Diffing allowed locating hard-coded JWT

Tracked as CVE-2025-20188, the flaw disclosed earlier in May was revealed to be an issue affecting the Out-of-Band Access Point (AP) Download feature of Cisco IOS XE Software for WLCs. The AP image download interface uses a hard-coded JWT for authentication, which an attacker can use to authenticate requests without valid credentials.

Horizon3 researchers diffed file system contents from ISO images to arrive at the Lua scripts, where notable changes were found. The scripts referenced both JWT tokens and the associated key, indicating their involvement in the vulnerability. The researchers then performed a simple grep search across the source code to determine how and where these Lua scripts were invoked.

Source link

Cisco Wireless LAN Controllers under threat again after critical exploit details go public

Diffing allowed locating hard-coded JWT

Leave a Comment Cancel reply

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)

Related Post

Leave a Comment Cancel reply

VMWARE

Configuration Templates