• Cisco issues patch to fix serious flaw allowing possible industri

    From TechnologyDaily@1337:1/100 to All on Thursday, November 07, 2024 20:30:05
    Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

    Date:
    Thu, 07 Nov 2024 20:29:00 +0000

    Description:
    The flaw was discovered during internal testing.

    FULL STORY ======================================================================Cisco issues urgent patch for worrying security flaw Vulnerability could have allowed hackers to run malicious code Industrial systems and platforms particularly affected, so update now

    Cisco has patched a critical vulnerability in some of its software which
    could have allowed threat actors to run malicious code remotely.

    In a security advisory, Cisco said it discovered a flaw in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.

    These access points are designed for industries that require highly
    dependable and robust wireless connections in challenging environments. They are particularly popular among industries where maintaining consistent connectivity is critical for operations, such as transportation and
    logistics, public safety and emergency services, utilities and energy, or mining and construction. Cisco says update now

    The bug that was discovered is tracked as CVE-2024-20418, and has a top severity score - 10/10.

    "An attacker could exploit this vulnerability by sending crafted HTTP
    requests to the web-based management interface of an affected system," Cisco said in the advisory. "A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device."

    Cisco products vulnerable to this flaw are Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points. Products that are not working in URWB mode are not affected by vulnerability, Cisco said.

    To defend against potential compromises, users are advised to upgrade their Cisco Unified Industrial Wireless Software to version 17.15.1. All those
    using versions 17.14 and earlier are advised not to stall with the patching.

    Cisco did not mention finding any evidence (or lack thereof) of abuse in the wild. It said it discovered the flaw during internal security testing, so it could be that miscreants havent yet picked up on it. However, now that the
    cat is out of the bag, its only a matter of time before they start hunting
    for vulnerable endpoints.

    Via TheHackerNews You might also like Cisco's merch store targeted by dangerous malware Here's a list of the best firewalls today These are the
    best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cisco-issues-patch-that-fixes-serious-f law-allowing-possible-industrial-systems-takeover


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)