Cisco has launched safety updates to deal with a most severity safety flaw impacting Extremely-Dependable Wi-fi Backhaul (URWB) Entry Factors that would allow unauthenticated, distant attackers to run instructions with elevated privileges.
Tracked as CVE-2024-20418 (CVS rating: 10.0), the vulnerability has been described as stemming from a scarcity of enter validation to the web-based administration interface of the Cisco Unified Industrial Wi-fi Software program.
“An attacker might exploit this vulnerability by sending crafted HTTP requests to the web-based administration interface of an affected system,” Cisco mentioned in an advisory launched Wednesday.
“A profitable exploit might permit the attacker to execute arbitrary instructions with root privileges on the underlying working system of the affected machine.”
The shortcoming impacts following Cisco merchandise in eventualities the place the URWB working mode is enabled –
- Catalyst IW9165D Heavy Responsibility Entry Factors
- Catalyst IW9165E Rugged Entry Factors and Wi-fi Purchasers
- Catalyst IW9167E Heavy Responsibility Entry Factors
The networking tools maker emphasised that merchandise that aren’t working in URWB mode usually are not affected by CVE-2024-20418. It mentioned the vulnerability was found throughout inside safety testing.
It has been addressed in Cisco Unified Industrial Wi-fi Software program model 17.15.1. Customers who’re on variations 17.14 and earlier are advisable emigrate to a set launch.
Cisco makes no point out of the flaw being actively exploited within the wild. That mentioned, it is important that customers transfer shortly to use the newest patches to safe towards potential threats.
