{"id":6146,"date":"2024-11-07T15:37:55","date_gmt":"2024-11-07T21:37:55","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/cisco-bug-command-injection-attacks"},"modified":"2024-11-07T15:37:55","modified_gmt":"2024-11-07T21:37:55","slug":"cisco-bug-could-lead-to-command-injection-attacks","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/07\/cisco-bug-could-lead-to-command-injection-attacks\/","title":{"rendered":"Cisco Bug Could Lead to Command Injection Attacks"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Cisco is warning of a bug found in its Unified industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) access points that could allow an unauthenticated remote attacker to release command injection attacks.<\/span><\/p>\n

An attacker could exploit the vulnerability by sending HTTP requests to the Web-based management interface of an affected system. If successful, the attacker could execute arbitrary commands with root privileges in the affected device’s underlying operating system.<\/span><\/p>\n

The vulnerability exists due to an improper validation of input to the Web-based management interface. It affects the three <\/span>Cisco wireless access points<\/a><\/span> (APs) if they have the URWB operating mode enabled and are running a vulnerable release: Catalyst IW9165D, Catalyst IW9165E (both APs and clients), and Catalyst IW9167E.<\/span><\/p>\n

Devices not running URWB operating mode remain unaffected by this vulnerability. To ascertain whether URWB is enabled, users should use the “show mpls-config” CLI command.<\/span><\/p>\n

“If the command is available, the URWB operating mode is enabled and the device is affected by this vulnerability,” <\/span>Cisco said<\/a><\/span>. “If the command is not available, the URWB operating mode is disabled and the device is not affected by this vulnerability.”<\/span><\/p>\n

Cisco said it’s unaware of any public exploitation of the vulnerability and has released a fix for the flaw, but there are no other workarounds to address it.<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Cisco is warning of a bug found in its Unified<\/p>\n","protected":false},"author":12,"featured_media":6147,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-6146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/cisco-bug-could-lead-to-command-injection-attacks-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6146"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6146\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/6147"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}