A crucial vulnerability has been found in Cisco Unified Industrial Wi-fi Software program, which impacts Cisco Extremely-Dependable Wi-fi Backhaul (URWB) Entry Factors.
This flaw tracked as CVE-2024-20418 permits unauthenticated, distant attackers to carry out command injection assaults and execute arbitrary instructions as the foundation person on the underlying working system of the affected gadgets.
Vulnerability Particulars – CVE-2024-20418
The vulnerability arises on account of improper enter validation throughout the web-based administration interface of the affected methods.
Exploiting this flaw is comparatively simple: attackers solely must ship specifically crafted HTTP requests to the online interface to achieve root-level entry.
Construct an in-house SOC or outsource SOC-as-a-Service -> Calculate Prices
Given its excessive severity, the flaw has been assigned the utmost CVSS rating of 10.0, indicating the crucial nature of the vulnerability. The vulnerability impacts a number of merchandise, together with:
- Cisco Catalyst IW9165D Heavy-Responsibility Entry Factors
- Cisco Catalyst IW9165E Rugged Entry Factors and Wi-fi Shoppers
- Cisco Catalyst IW9167E Heavy-Responsibility Entry Factors
These gadgets are susceptible if working a inclined software program model with the URWB working mode enabled.
Cisco has launched software program patches to mitigate the difficulty, and customers are inspired to replace to the most recent software program variations instantly. Sadly, Cisco has confirmed that no workarounds are out there for this vulnerability.
Cisco customers can decide if their gadget is susceptible by utilizing the “present mpls-config” CLI command.
If this command is obtainable, it signifies that the URWB working mode is enabled, and the gadget is probably going affected. If the command is unavailable, the URWB mode is disabled, and the gadget just isn’t in danger.
This flaw has the potential to compromise a full system. Subsequently, organizations utilizing the affected Cisco merchandise are urged to prioritize patching their methods to keep away from being focused by attackers.
Run non-public, Actual-time Malware Evaluation in each Home windows & Linux VMs. Get a 14-day free trial with ANY.RUN!