Max-Critical Cisco Bug Enables Command-Injection Attacks

Published: 23/11/2024   Category: security




Though Cisco reports no known malicious exploitation attempts, a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) leaves three of its wireless access points vulnerable to remote, unauthenticated cyberattacks.



Cisco is warning of a critical security vulnerability found in its Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) access points that could allow an unauthenticated remote attacker to launch command-injection attacks.
An attacker could exploit the vulnerability (CVE-2024-20418, CVSS 10) by sending HTTP requests to the Web-based management interface of an affected system. If successful, the attacker could execute arbitrary commands with root privileges on the affected device's underlying operating system.
The vulnerability exists due to improper validation of input to the Web-based management interface. It affects three Cisco wireless access points (APs) if they have the URWB operating mode enabled and are running a vulnerable release: Catalyst IW9165D, Catalyst IW9165E (both APs and clients), and Catalyst IW9167E.
Devices not running URWB operating mode remain unaffected by this vulnerability. To ascertain whether URWB is enabled, users should use the show mpls-config CLI command.
"If the command is available, the URWB operating mode is enabled and the device is affected by this vulnerability," Cisco said. "If the command is not available, the URWB operating mode is disabled and the device is not affected by this vulnerability."
Cisco said it is unaware of any public exploitation of the vulnerability and has released a fix for the flaw, but there are no other workarounds to address it.
