TL;DR 📌

A medium-severity vulnerability has been identified in the Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud. This flaw allows unauthenticated remote attackers to access the public-key infrastructure (PKI) server, potentially enabling unauthorized device enrollment. Workarounds are available, and Cisco has recommended software updates to fully mitigate the risk.

What happened 🕵️‍♂️

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud could allow an unauthenticated, remote attacker to access the PKI server running on affected devices. This issue arises due to incomplete cleanup after the Day One setup process. An attacker could exploit this vulnerability by sending Simple Certificate Enrollment Protocol (SCEP) requests, potentially allowing them to request a certificate and join an attacker-controlled device to the virtual wireless controller.