Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Avatar
Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management
[[{“value”:”

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges.

Tracked as CVE-2024-20418 (CVS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management interface of the Cisco Unified Industrial Wireless Software.

“An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system,” Cisco said in an advisory released Wednesday.

“A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.”

The shortcoming impacts following Cisco products in scenarios where the URWB operating mode is enabled –

Catalyst IW9165D Heavy Duty Access Points
Catalyst IW9165E Rugged Access Points and Wireless Clients
Catalyst IW9167E Heavy Duty Access Points

The networking equipment maker emphasized that products that are not operating in URWB mode are not affected by CVE-2024-20418. It said the vulnerability was discovered during internal security testing.

It has been addressed in Cisco Unified Industrial Wireless Software version 17.15.1. Users who are on versions 17.14 and earlier are recommended to migrate to a fixed release.

Cisco makes no mention of the flaw being actively exploited in the wild. That said, it’s essential that users move quickly to apply the latest patches to secure against potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns

Next Post

A Hacker’s Guide to Password Cracking

Related Posts

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by
Avatar
Read More