Cisco Patches Critical Vulnerability in Industrial Wireless Access Points
BleepingComputer
|
Contributed by: Reid Stephan
Summary
Cisco has released a security update to address a serious vulnerability, CVE-2024-20418, affecting its Ultra-Reliable Wireless Backhaul (URWB) access points, which are critical for industrial wireless automation. The flaw, located in the web-based management interface of Cisco's Unified Industrial Wireless Software, allows unauthenticated attackers to execute commands with root privileges through command injection attacks without user interaction. This vulnerability affects specific models, including the Catalyst IW9165D, IW9165E, and IW9167E access points, only when running vulnerable software in URWB mode. While there is no evidence of active exploitation or publicly available exploit code, administrators are advised to check their devices for risk using the "show mpls-config" command.
