Updates have been released by Cisco to remediate a maximum severity bug in its Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul, tracked as CVE-2024-20418, which could be easily exploitable in command injection intrusions, according to BleepingComputer.
Impacted by the flaw, which stems from improper input validation to the web-based management interface, are Catalyst IW9165E Rugged Access Points and Wireless Clients, Catalyst IW9165D Heavy Duty Access Points, and Catalyst IW9167E Heavy Duty Access Points with activated URWB, noted Cisco. "A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device," said Cisco, which added that no exploits or active abuse of the security issue have been detected so far. Such a development comes months after Cisco addressed an actively exploited denial-of-service vulnerability in its Adaptive Security Appliance and Firepower Threat Defense devices.
