CVE-2024-20418

CVSSv4: NA | CVSSv3: 10 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.00043 | KEV: Not Included
Published: 06/11/2024 | Updated: 06/11/2024

Vulnerability Summary

Root Privilege Command Injection in Cisco URWB Access Points

An input validation flaw exists in the web management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. It could allow an unauthenticated, remote attacker to perform command injection with root privileges on the system. The cause is improper validation of input to the web interface. An attacker could exploit the flaw by sending crafted HTTP requests to that interface. A successful exploit lets the attacker run arbitrary commands as root on the system of the affected device.

Recent Articles

Cisco bug lets hackers run commands as root on UWRB access points
BleepingComputer • Sergiu Gatlan • 06 Nov 2024

Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. Tracked as CVE-2024-20418, this security flaw was found in Cisco's Unified Industrial Wireless Software's web-based management interface. Unauthenticat...

Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
The Register

Ultra-Reliable Wireless Backhaul doesn't live up to its name

Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert. The weakness – dubbed CVE-2024-20418 and made public yesterday – is with the Unified Industrial Wireless Software that the devices use. Crucially, the flaw is serious enough that a remote attacker with no privileges could upgrade themselves to admin-level access and install whatever nasties they like. "An attacker could exploit this vulnerability by sending...