Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability

cisco-sa-backhaul-ap-cmdinj-R7E28Ecs · Critical · Published · Updated

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2024-20418
Cisco Bug IDsCSCwk98052
CVSS ScoreBase 10.0
Base 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Aironet Access Point Software (IOS XE Controller)

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2024-20418 Cisco OpenVuln
Cisco IOS XE Software CVE-2024-20418 Cisco OpenVuln
Cisco IOS Software CVE-2024-20418 Cisco OpenVuln
Cisco Ultra-Reliable Wireless Backhaul CVE-2024-20418 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2024-20418 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2024-20418 Cisco OpenVuln