PT-2024-7681 · Cisco · Cisco Unified Industrial Wireless
Dj Cole · Published 2024-11-06 · Updated 2025-09-01
CVE-2024-20418 · CVSS v3.1 10 (Critical) · Vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
- Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points versions prior to 17.15.1
- Catalyst IW9165D Heavy Duty Access Points versions prior to 17.15.1
- Catalyst IW9165E Rugged Access Points and Wireless Clients versions prior to 17.15.1
- Catalyst IW9167E Heavy Duty Access Points versions prior to 17.15.1
Description
A vulnerability exists in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This flaw allows an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. The vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability is actively exploited in the wild.
Recommendations
- Upgrade Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points to version 17.15.1 or later.
- Upgrade Catalyst IW9165D Heavy Duty Access Points to version 17.15.1 or later.
- Upgrade Catalyst IW9165E Rugged Access Points and Wireless Clients to version 17.15.1 or later.
- Upgrade Catalyst IW9167E Heavy Duty Access Points to version 17.15.1 or later.
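For vulnerability management, the practical check behind these four items is a version comparison against the fixed release, and it has to be a numeric one: comparing release strings lexicographically puts 17.9.3 after 17.15.1. The script below is an added example, not part of this advisory or of any Cisco tool. It parses dotted Cisco release strings, flags every listed product running a release prior to 17.15.1, and runs over a constructed inventory. The product names are taken from the advisory; the inventory field names (`host`, `product`, `version`), the sample hosts and the treatment of a trailing letter suffix as a later rebuild are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Fixed release named in the advisory: everything prior to 17.15.1 is affected.
FIXED_VERSION = "17.15.1"

# Products listed in the advisory, matched on the name as it would appear in
# an inventory export (the inventory schema here is an assumption, not a Cisco API).
AFFECTED_PRODUCTS = (
    "Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points",
    "Catalyst IW9165D Heavy Duty Access Points",
    "Catalyst IW9165E Rugged Access Points and Wireless Clients",
    "Catalyst IW9167E Heavy Duty Access Points",
)

# major.minor.patch with an optional trailing rebuild letter (e.g. "17.15.1a").
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z])?$")


def parse_version(version: str) -> Tuple[int, int, int, str]:
    """Turn 'major.minor.patch[letter]' into a tuple that compares numerically.

    Raw string comparison is wrong for these releases: '17.9.3' > '17.15.1'
    as strings even though 9 < 15 as numbers. The trailing letter is kept as a
    tie-breaker and, by assumption, a lettered rebuild sorts after the plain
    release (an empty suffix compares lower than any letter).
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = match.groups()
    return (int(major), int(minor), int(patch), suffix or "")


def is_affected(product: str, version: str) -> bool:
    """True when a listed product runs a release prior to the fixed 17.15.1."""
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(inventory: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, product, version) for every inventory row that needs the upgrade."""
    return [
        (row["host"], row["product"], row["version"])
        for row in inventory
        if is_affected(row["product"], row["version"])
    ]


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    {"host": "ap-iw9165d-01", "product": "Catalyst IW9165D Heavy Duty Access Points", "version": "17.14.1"},
    {"host": "ap-iw9167e-02", "product": "Catalyst IW9167E Heavy Duty Access Points", "version": "17.15.1"},
    {"host": "ap-iw9165e-03", "product": "Catalyst IW9165E Rugged Access Points and Wireless Clients", "version": "17.9.3"},
    {"host": "sw-core-01", "product": "Some Other Cisco Product", "version": "17.3.2"},
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} -> upgrade to {FIXED_VERSION} or later")
```

The third sample row is the one a naive string comparison would miss: 17.9.3 is older than 17.15.1, so the device is still affected, but `"17.9.3" < "17.15.1"` evaluates to False in Python.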
Fix
Weakness Enumeration
Command Injection
Affected Products
Cisco Unified Industrial Wireless