CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

Description

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-53290 : DELL WYSE PROPRIETARY OS 2408 COMMAND INJECTION

CVE-2024-53290 : DELL WYSE PROPRIETARY OS 2408 COMMAND INJECTION

Description Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability. An

CVE-2024-35117 : IBM OPENPAGES WITH WATSON 9.0 TRACING LOG FILE CLEARTEXT STORAGE

CVE-2024-35117 : IBM OPENPAGES WITH WATSON 9.0 TRACING LOG FILE CLEARTEXT STORAGE

Description IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

Description In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC)