Cisco IOS XE Unauthenticated Access to PKI Server Vulnerability in Catalyst 9800-CL Controllers

Vulnerability

A vulnerability exists in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL). It allows an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server on an affected device. The issue arises from incomplete cleanup after the Day One setup, which leaves the PKI server reachable: an attacker can send Simple Certificate Enrollment Protocol (SCEP) requests, obtain certificates from the virtual wireless controller, and use those certificates to join attacker-controlled devices to the controller.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the PKI server, allowing attackers to enroll certificates and potentially join malicious devices to the virtual wireless controller.

Remediation

Administrators can mitigate this vulnerability by shutting down the PKI server associated with the wireless LAN controller hostname. Cisco has also released software updates that address the issue.
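The following is an added illustration of that mitigation on the IOS XE CLI; it is not taken from the Cisco advisory or this page. It assumes the leftover PKI server is named after the controller hostname (shown here as the placeholder WLC_HOSTNAME) and that the administrator first confirms the server is present and enabled before disabling it.

```text
! 1. Check whether a PKI (CA) server is still running on the controller.
!    A server left over from Day One setup shows up here with its name and state.
WLC_HOSTNAME# show crypto pki server

! 2. Disable that server so it no longer answers SCEP enrollment requests.
!    Replace WLC_HOSTNAME with the PKI server name reported in step 1 (assumed here
!    to match the controller hostname, as the page states).
WLC_HOSTNAME# configure terminal
WLC_HOSTNAME(config)# crypto pki server WLC_HOSTNAME
WLC_HOSTNAME(cs-server)# shutdown
WLC_HOSTNAME(cs-server)# exit
WLC_HOSTNAME(config)# exit

! 3. Verify the server is now disabled, then save the running configuration.
WLC_HOSTNAME# show crypto pki server
WLC_HOSTNAME# write memory
```

The shutdown is a workaround only; the fixed software release remains the complete remediation. Re-running show crypto pki server after the change confirms the server state is disabled and that no other unexpected PKI server instances exist on the device.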

Added: Sep 24, 2025, 6:56 PM
Updated: Sep 24, 2025, 6:56 PM

Vulnerability Rating

Custom Algorithm

spread:         8.1
impact:         1.3
exploitability: 7.0
remediation:    8.3
relevance:      0.6
threat:         0.0
urgency:        2.9
incentive:      5.8

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.