Command Injection Vulnerability in Cisco Unified Industrial Wireless Software Could Allow Remote Root Access
Key Information
- Vendor: Cisco
- Status
- Cisco Aironet Access Point Software (IOS XE Controller)
- CVE Published: 6 November 2024
Summary
A critical security vulnerability, CVE-2024-20418, has been discovered in the web-based management interface of Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points. It allows an unauthenticated, remote attacker to execute root-level commands on the underlying operating system. The lack of input validation in the web interface enables remote unauthorized users to inject commands, potentially leading to complete control of the device. The affected products include Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points. Cisco has released patches to address the vulnerability but urges immediate implementation due to the seriousness of the flaw. There are currently no reported exploits in the wild, but the nature of the vulnerability poses a significant risk, especially for critical infrastructure targets.
Affected Version(s)
Cisco Aironet Access Point Software (IOS XE Controller) =
News Articles
Cisco Industrial Wireless Software Flaw Let Attackers Run Command As Root User
A critical security vulnerability tracked as "CVE-2024-20418", was detected recently in the web GUI of Cisco Unified Industrial Wireless Software installed on Ultra-Reliable Wireless Backhaul (URWB) Access Points.
2 weeks ago
Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw
Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert. The weakness – dubbed CVE-2024-20418 and made public yesterday – is...
2 weeks ago
CVSS V3.1
Timeline
Risk change from: null to: 10 - (CRITICAL)
Vulnerability started trending.
Exploit exists.
First article discovered by GBHackers News
Vulnerability published.