
Vulnerability in Cisco System Allows Attackers to Execute Commands as Root User


A critical vulnerability has been found in Cisco Unified Industrial Wireless Software, specifically impacting Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. The flaw, identified as CVE-2024-20418, is a command injection vulnerability that allows malicious remote attackers to run unauthorized commands as the root user on the underlying operating system of affected devices.

The vulnerability arises from insufficient validation of inputs within the web-based management interface of the impacted systems. Exploiting this flaw is relatively simple, as attackers only need to send specially crafted HTTP requests to the web interface to gain root-level access.

The vulnerability has been given the maximum CVSS score of 10.0, highlighting its critical nature. Affected Cisco products include the Cisco Catalyst IW9165D Heavy-Duty Access Points, Cisco Catalyst IW9165E Rugged Access Points and Wireless Clients, and Cisco Catalyst IW9167E Heavy-Duty Access Points. These devices are at risk if they are running a vulnerable software version with the URWB operating mode enabled.

Cisco has released software patches to address this issue, and users are strongly advised to update to the latest software versions promptly. Unfortunately, there are no workarounds available for this vulnerability. Cisco users can check if their device is vulnerable by using the “show mpls-config” CLI command. If the command is accessible, it indicates that the URWB operating mode is enabled, and the device is likely impacted. Conversely, if the command is not available, the URWB mode is disabled, and the device is not vulnerable.

This vulnerability has the potential to compromise entire systems, making it imperative for organizations using the impacted Cisco products to prioritize patching their systems to prevent potential attacks. It is crucial for users to act swiftly to safeguard their networks and data from malicious exploitation.

For organizations concerned about the security of their systems, implementing robust cybersecurity measures and staying informed about potential vulnerabilities are essential. By staying proactive and vigilant, organizations can mitigate risks and protect their assets from cyber threats.

In conclusion, the discovery of this critical vulnerability highlights the ongoing challenges in maintaining cybersecurity in an increasingly digital world. It serves as a reminder for organizations to prioritize security measures and take proactive steps to secure their networks and data from potential threats.
