Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

2 weeks ago

(Image credit: Shutterstock)

Cisco issues urgent spot for worrying information flaw
Vulnerability could person allowed hackers to tally malicious code
Industrial systems and platforms peculiarly affected, truthful update now

Cisco has patched a captious vulnerability successful immoderate of its package which could person allowed threat actors to tally malicious code remotely.

In a information advisory, Cisco said it discovered a flaw successful nan web-based guidance interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.

These entree points are designed for industries that require highly dependable and robust wireless connections successful challenging environments. They are peculiarly celebrated among industries wherever maintaining accordant connectivity is captious for operations, specified arsenic proscription and logistics, nationalist information and emergency services, utilities and energy, aliases mining and construction.

Cisco says update now

The bug that was discovered is tracked arsenic CVE-2024-20418, and has a apical severity people - 10/10.

"An attacker could utilization this vulnerability by sending crafted HTTP requests to nan web-based guidance interface of an affected system," Cisco said successful nan advisory. "A successful utilization could let nan attacker to execute arbitrary commands pinch guidelines privileges connected nan underlying operating system of nan affected device."

Cisco products susceptible to this flaw are Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points. Products that are not moving successful URWB mode are not affected by vulnerability, Cisco said.

To take sides against imaginable compromises, users are advised to upgrade their Cisco Unified Industrial Wireless Software to type 17.15.1. All those utilizing versions 17.14 and earlier are advised not to stall pinch nan patching.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

Cisco did not mention uncovering immoderate grounds (or deficiency thereof) of maltreatment successful nan wild. It said it discovered nan flaw during soul information testing, truthful it could beryllium that miscreants haven’t yet picked up connected it. However, now that nan feline is retired of nan bag, it’s only a matter of clip earlier they commencement hunting for susceptible endpoints.

Via TheHackerNews

You mightiness besides like

Cisco's merch shop targeted by vulnerable malware
Here's a database of nan best firewalls today
These are nan best endpoint protection tools correct now

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

Source Technology