Published: Nov 08, 2024 22:42
Advisory No: TZCERT-SA-24-0044
Source: Cisco
Software Affected: Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point
Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point is affected by a critical vulnerability. The vulnerability could allow a remote attacker to perform a command injection against the affected device.
Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point is affected by a critical vulnerability tracked as CVE-2024-20418 with a base score of 10. The vulnerability is due to improper validation of input to the web-based management interface, where an attacker could send crafted HTTP requests to the web-based management interface of an affected system. Upon successful submission, an unauthenticated remote attacker may perform command injection attacks with root privileges on the underlying operating system.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
Cisco has released a patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.