CVE-2024-20418 — Command Injection in Cisco Aironet Access Point Software

CWE-77 — Command Injection5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

3.5%

top 12.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Aironet Access Point Software

Timeline

PublishedNov 6

Description

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based m…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages1 packages

▶CVEListV5cisco/cisco_aironet_access_point_softwareN/A

🔴Vulnerability Details

CVEList

Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability↗2024-11-06

▶

GHSA

GHSA-jhvq-gr6c-9fw6: A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)↗2024-11-06

▶

📋Vendor Advisories

Cisco

Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability↗2024-11-06

▶

🕵️Threat Intelligence

Bleepingcomputer

Cisco bug lets hackers run commands as root on UWRB access points↗2024-11-06

▶