Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Nov 07, 2024 | Ravie Lakshmanan | Vulnerability / Wireless Technology

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges.

Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management interface of the Cisco Unified Industrial Wireless Software.

“An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system,” Cisco said in an advisory released Wednesday.

“A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.”

The shortcoming impacts the following Cisco products in scenarios where the URWB operating mode is enabled:

  • Catalyst IW9165D Heavy Duty Access Points
  • Catalyst IW9165E Rugged Access Points and Wireless Clients
  • Catalyst IW9167E Heavy Duty Access Points

The networking equipment maker emphasized that products that are not operating in URWB mode are not affected by CVE-2024-20418. It said the vulnerability was discovered during internal security testing.

It has been addressed in Cisco Unified Industrial Wireless Software version 17.15.1. Users who are on versions 17.14 and earlier are recommended to migrate to a fixed release.

Cisco makes no mention of the flaw being actively exploited in the wild. That said, it's essential that users move quickly to apply the latest patches to secure against potential threats.
