NEWS BRIEF
Cisco has released a patch for a critical vulnerability in its Cisco Meeting Management product that would allow a remote, authenticated attacker to elevate themselves to administrator privileges on an affected device.
The vulnerability, tracked as CVE-2025-20156 (CVSS score of 9.9), is located in the REST API and exists because “proper authorization” is not enforced on REST API users. An attacker who sends specially crafted API requests to a specific endpoint could exploit the vulnerability to gain administrator-level control over edge nodes managed by Cisco Meeting Management.
The management system is vulnerable to the bug regardless of device configuration, according to the advisory. Anyone using Cisco Meeting Management 3.9 or earlier must migrate to a supported release to fix the bug: those on version 3.9 should upgrade to version 3.9.1, while those on version 3.10 are unaffected. There are no workarounds that address the vulnerability.
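The remediation guidance above reduces to a version check, and the one pitfall worth showing is that version strings must be compared numerically: as plain strings, "3.10" sorts before "3.9", which would misclassify the unaffected release as vulnerable. The following script is an added example, not Cisco's code or tooling; the thresholds (3.9 and earlier affected, 3.9.1 fixed, 3.10 unaffected) come from the advisory text, while the inventory hostnames and version mix are constructed for illustration.

```python
from typing import List, Tuple

# Thresholds taken from the advisory text: 3.9 and earlier are affected,
# 3.9.1 is the fixed release on the 3.9 line, and 3.10 is not affected.
FIXED_39 = (3, 9, 1)
UNAFFECTED_310 = (3, 10)


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version such as '3.9.1' into a tuple of integers.

    Tuples compare element by element, so (3, 10) > (3, 9), whereas the
    string '3.10' sorts before '3.9' because '1' < '9'.
    """
    return tuple(int(part) for part in v.strip().split("."))


def assess(version: str) -> str:
    """Return the remediation status for one Cisco Meeting Management
    version, following the advisory's guidance as summarised above."""
    parsed = parse_version(version)
    if parsed >= UNAFFECTED_310:
        return "not affected"
    if parsed >= FIXED_39:
        return "fixed"
    if parsed[:2] == (3, 9):
        return "upgrade to 3.9.1"
    return "migrate to a fixed release (3.9.1 or later)"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Annotate each (host, version) pair with its remediation status."""
    return [(host, ver, assess(ver)) for host, ver in inventory]


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("cmm-east", "3.9"),
    ("cmm-west", "3.9.1"),
    ("cmm-lab", "3.8.2"),
    ("cmm-new", "3.10"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {ver:8} {status}")
```

Feed it the version list from your own asset inventory; the function deliberately does not query the appliances, so it can run offline against exported data.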