- Description
- A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with privilege level 15. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@cisco.com
- CWE-78
- Hype score
- Not currently trending
⚠️Multiple vulnerabilities in Cisco products ❗CVE-2025-20188 ❗CVE-2025-20186 ❗CVE-2025-20162 ➡️More info: https://t.co/38fQRXhRmZ https://t.co/MnpU8rdA9y
@CERTpy
9 May 2025
🚨 CVE-2025-20186 🔴 HIGH (8.8) 🏢 Cisco - Cisco IOS XE Software 🏗️ 16.12.8 🔗 https://t.co/AI6jLLlltC #CyberCron #VulnAlert #InfoSec https://t.co/fZVXbzSmKZ
@cybercronai
8 May 2025
CVE-2025-20186 A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker wi… https://t.co/BJHI3AK2GD
@CVEnew
7 May 2025