CVE-2024-20418

Published Nov 6, 2024

Last updated 11 days ago

CVSS critical 10.0

Overview

Description
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.
Source
ykramarz@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

ykramarz@cisco.com
CWE-77

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2024-20418

    @transilienceai

    17 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Kritieke kwetsbaarheid in cisco access points maakt commando-injectie mogelijk https://t.co/xfB3Am4MSo #CVE-2024-20418 #Cisco kwetsbaarheid #Commando-injectie #URWB Access Points #Cisco beveiligingsadvies #Trending #Tech #Nieuws

    @TrendingNewsBot

    13 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Kritieke kwetsbaarheid in cisco unified industrial wireless software ontdekt https://t.co/FdxVuBm3Nq #CVE-2024-20418 #Cisco kwetsbaarheid #Cisco Unified Industrial Wireless Software #Cisco URWB Access Points #commando-injectieaanvallen #Trending #Tech #Nieuws

    @TrendingNewsBot

    13 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Kritieke kwetsbaarheid in cisco wireless software maakt commando-injectie mogelijk https://t.co/att2uOLtWy #CVE-2024-20418 #Cisco Kwetsbaarheid #Commando-injectie #Cisco URWB Access Points #Netwerkbeveiliging #Trending #Tech #Nieuws

    @TrendingNewsBot

    13 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Kritieke kwetsbaarheid in cisco systemen bedreigt draadloze netwerkveiligheid https://t.co/cktsXWHf64 #CVE-2024-20418 #Cisco kwetsbaarheid #URWB access points #commando-injectieaanvallen #netwerkveiligheid #Trending #Tech #Nieuws

    @TrendingNewsBot

    13 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 2/10📌Details on CVE-2024-20418: This vulnerability holds a perfect CVSS score of 10.0 due to poor input validation in @Cisco's web-based management interface. A critical reminder that even minor oversights in validation can lead to devastating breaches. #CybersecurityTips

    @Eth1calHackrZ

    13 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 1/10 🚨 Cybersecurity Alert: @Cisco has released a critical security patch addressing a serious vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul (#URWB) Access Points. This flaw allows remote command execution with root privileges. #Cybersecurity #CiscoPatch

    @Eth1calHackrZ

    13 Nov 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 1/11🚨@Cisco disclosed CVE-2024-20418, a critical vulnerability in its Unified Industrial Wireless software. With a CVSS score of 10/10,this flaw allows remote, unauthenticated attackers to execute commands with root privileges, risking industrial network security. #CyberSecurity

    @Eth1calHackrZ

    12 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Cisco CVSS 10 RCE: CVE-2024-20418 with products using wireless backhaul Affects Catalyst IW9165D Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Access Points in URWB mode https://t.co/82fJCeh9mD

    @router_bugs

    11 Nov 2024

    143 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. به تازگی آسیب پذیری با کد شناسایی CVE-2024-20418 برای نرم افزار Unified Industrial Wireless مربوط به سیسکو منتشر شده است.این آسیب پذیری امکان اجرای کامند و command injection را با سطح دسترسی root را امکان پذیر می نماید. https://t.co/Y2P1U3eX7Y https://t.co/c8BM6XVufo

    @AmirHossein_sec

    8 Nov 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Cisco 産業用ワイヤレス アクセス ポイントの重大な脆弱性が修正されました (CVE-2024-20418) Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) #HelpNetSecurity (Nov 7) https://t.co/JNJPz78vgr

    @foxbook

    7 Nov 2024

    245 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Revisando las alertas de Cisco veo que se les olvidó el CVE-2024-20418 (cvss score 10/10) y viendo la secuencia del resto de cve's se ve que lo omitieron, pero vamos, que son varías críticas. Luego niegan el data breach y yo ya no sé qué pensar 🎶 https://t.co/zc4DMoU2vg

    @niemand108

    7 Nov 2024

    230 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Critical Cisco flaw (CVE-2024-20418) in URWB Access Points! Unauthenticated attackers can gain root access. Affected: Catalyst IW9165D/E & IW9167E. Urgent: Patch now! No workarounds. #Cybersecurity #Cisco https://t.co/7mjCHJM8u4

    @redfoxsec

    7 Nov 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Cisco bug lets hackers run commands as root on UWRB access points: https://t.co/RtKEjseQkF Cisco has addressed a critical vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul (URWB) access points, allowing unauthenticated attackers to execute commands with root

    @securityRSS

    7 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE number = CVE-2024-20418 A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform https://t.co/zWdRiCtySk

    @SystemTek_UK

    7 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 Critical Vulnerabilities Alert! 🚨 Cisco URWB and HPE Aruba Access Points are affected by CVE-2024-20418 and CVE-2024-42509, risking unauthorized access. Our insights can help you discover mitigation steps. 👉 https://t.co/eU7ZD9Pw0r #CyberSecurity #Cisco #HPE… https://t.co/p

    @socradar

    7 Nov 2024

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical #vulnerability in #Cisco industrial wireless #access points fixed (CVE-2024-20418) https://t.co/uqEgM3vmMU

    @ScyScan

    7 Nov 2024

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Cisco has issued updates for CVE-2024-20418, a critical vulnerability in Ultra-Reliable Wireless Backhaul Access Points (CVSS: 10.0) that allows unauthorized root command execution. Read: https://t.co/ShteGLfQCn Update to version 17.15.1 ASAP to protect your network!

    @TheHackersNews

    7 Nov 2024

    48462 Impressions

    30 Retweets

    98 Likes

    17 Bookmarks

    0 Replies

    1 Quote

  19. 🚨CVE Alert: Critical Cisco URWB Command Injection Vulnerability 🚨 Vulnerability Details: CVE-2024-20418 (CVSS 10/10) Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability Impact A successful exploit allow the attacker to execute arbitrary commands… h

    @CyberxtronTech

    7 Nov 2024

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2024-20418:: CVSS 10/10 -- Critical Remote code execution (RCE) flaw in Cisco Unified Industrial Wireless Software.. #PatchNOW Technical Details of the vulnerability: https://t.co/ghrxO4xe7s #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach https

    @patchnow24x7

    7 Nov 2024

    436 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    2 Quotes

  21. CRITICAL VULNERABILITIES Cisco Security Advisories November 2024 URL: https://t.co/w0qgi8SjFq Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0 CVEs: CVE-2024-20418, CVE-2024-20536, CVE-2024-20484, CVE-2024-20445, #cisco #hack

    @CharyyevPerman

    7 Nov 2024

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 CVE-2024-20418 (CVSS 10): Critical Cisco URWB Access Points Vulnerable to Remote Takeover - Cisco warns of a command injection flaw in its Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points. - **CVE-2024-20418** allows… https://t.co

    @Ransom_DB

    7 Nov 2024

    73 Impressions

    0 Retweets

    0 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  23. Cisco Ultra-Reliable Wireless Backhaulアクセス ポイント向け Cisco Unified Industrial Wireless Software の Web ベースの管理インターフェイスに脆弱性があり、リモートでOSに対してルート権限を使用してコマンド インジェクション攻撃を実行できる可能性 CVE-2024-20418 CVSS10.0 Critical https://t.co/UjMOZm427u

    @t_nihonmatsu

    7 Nov 2024

    279 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  24. CVE-2024-20418 Root Privilege Command Injection in Cisco URWB Access Points An input validation flaw exists in the web management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable W... https://t.co/9q2QhAGhHu

    @VulmonFeeds

    7 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨 Command Injection with Root privilege in Cisco URWB Access Points Cisco has released a patch—no workarounds exist. Update your systems ASAP! #CyberSecurity #Cisco #Vulmon CVE-2024-20418 https://t.co/Esx4Qwsuxy

    @vulmoncom

    6 Nov 2024

    112 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. [CVE-2024-20418: CRITICAL] Critical vulnerability alert! Attackers can exploit Cisco URWB Access Points web interface, gaining root access. Immediate action needed to secure systems. #cybersecurity#cybersecurity,#vulnerability https://t.co/0QCCXOoOQy https://t.co/jlv78eUG86

    @CveFindCom

    6 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. The severity is increased for this new vulnerability affecting Cisco IOS XE Controller (CVE-2024-20418) https://t.co/D4rX7EVT2i

    @vuldb

    6 Nov 2024

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2024-20418 A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points co… https://t.co/2flRUZpDAB

    @CVEnew

    6 Nov 2024

    603 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References