Alerts

Critical Vulnerability in Cisco Unified Industrial Wireless Software

8 November 2024

Cisco has released security updates addressing a critical vulnerability (CVE-2024-20418) in Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. The vulnerability has a maximum Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.

Successful exploitation of the command injection vulnerability could allow an attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.

The vulnerability affects the following products which have the URWB operating mode enabled:

Catalyst IW9165D Heavy Duty Access Points

Catalyst IW9165E Rugged Access Points and Wireless Clients

Catalyst IW9167E Heavy Duty Access Points

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2024-20418

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs

https://thehackernews.com/2024/11/cisco-releases-patch-for-critical-urwb.html

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Critical Vulnerability in Cisco Unified Industrial Wireless Software

Reach us