CVE-2024-20418 CRITICAL

CVE-2024-20418: Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability

Vendor: Cisco
Product: Cisco Aironet Access Point Software (IOS XE Controller)
Weakness: CWE-77
Published: November 6, 2024
Last update: November 8, 2024

CVSS base score

10.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.

Key dates

02 Disclosure timeline

November 6, 2024: CVE published
November 8, 2024: Record updated