Command Injection Vulnerability in Cisco WAP371 Wireless Access Point
CVE-2024-20287

7.2HIGH

Key Information:

Vendor: Cisco
Status: Cisco Business Wireless Access Point Software
Vendor: CVE Published:; 17 January 2024

Summary

A security vulnerability exists in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point that could allow an authenticated remote attacker to perform command injection attacks. This issue arises from inadequate validation of user-supplied input, enabling a potential attacker with administrative credentials to craft and send malicious HTTP requests. If successfully exploited, this vulnerability grants the attacker the ability to execute arbitrary commands with root privileges, ultimately compromising the device's security and functionality. Safeguarding the management interface and ensuring secure administrative practices are crucial to mitigating this risk.

Affected Version(s)

Cisco Business Wireless Access Point Software 1.0.1.5

Cisco Business Wireless Access Point Software 1.0.0.10

Cisco Business Wireless Access Point Software 1.0.0.9

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2024
Vulnerability Reserved
Nov 8, 2023