An encoding bypass in the webui_wsma_https endpoint in Cisco IOS XE allows unauthenticated remote attackers to execute commands and configure the system through SOAP requests via the Web Service Management Agent (WMSA). This can be abused to create unauthorized local administrator accounts (user with privilege level 15) and log in with normal user access.
CVE Link
Exploit Type
Product Name