1 min Security

Flaw in Cisco product gives unauthorized users admin privileges

Flaw in Cisco product gives unauthorized users admin privileges

Cisco reports a major security flaw in its Ultra-Reliable Wireless Backhaul systems. An unauthorized person is immediately granted admin rights, resulting in a risk score of ten out of ten.

Without authorization, hackers can breach the admin level of Cisco’s Ultra-Reliable Wireless Backhaul systems. Once inside, they gain privileges to install files.

“An attacker could exploit this vulnerability by sending fake HTTP requests to an affected system’s Web-based management interface,” Cisco warns. “A successful exploit would give the attacker the right to execute arbitrary commands with root privileges on the underlying operating system of the affected device.”

Highest CVSS score

The flaw is easy to exploit and allows hackers to do much damage. As such, it is given a CVSS score of ten out of ten. Affected systems are best updated as soon as possible. No evidence has been found that hackers have already actively exploited the vulnerability.

Three packages contain the flaw if URWB is activated in them. They are Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points.

Read more: SharePoint vulnerability is entry into entire corporate network