Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw
Briefly

Cisco has issued a critical alert regarding a flaw in its Ultra-Reliable Wireless Backhaul systems that allows remote attackers to gain admin-level access and install malicious software. The vulnerability, identified as CVE-2024-20418, affects Unified Industrial Wireless Software and enables unauthorized command execution with root privileges through crafted HTTP requests. The affected devices include the Catalyst IW9165D, IW9165E, and IW9167E models. No workarounds are available, so all of them require immediate patching.
Cisco warned that attackers could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of the affected system. A successful exploit could result in executing arbitrary commands with root privileges on the operating system, making this particularly dangerous, as the devices are often used in critical infrastructure environments like factories and ports.
Read at The Register