Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

在命令中使用的特殊元素转义处理不恰当(命令注入)

Cisco Unified Industrial Wireless Software 命令注入漏洞

Cisco Unified Industrial Wireless Software是美国思科（Cisco）公司的专为工业环境设计的无线软件，它支持高可用性、低延迟和零数据包丢失，适用于移动机器和其他资产的无线连接。 Cisco Unified Industrial Wireless Software存在命令注入漏洞，该漏洞源于对基于Web的管理界面的输入验证不当。未经身份验证的远程攻击者以root权限对底层操作系统执行命令注入攻击。

N/A

N/A