So Cisco really did drop a CVSS 10 on the day after the US election? I WAS FUCKING JOKING, CISCO!

@cR0w link plz!

@buherator Forgot to CTRL+V. Added to the original post. This one is also interesting though: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL

@cR0w I'm sorry but ActivityPub is...could you just post that link in a reply?

@buherator https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs

@cR0w Thank you!

@cR0w command injection so this is in fact an "Ultra-Reliable" RCE!

@buherator Exactly

@buherator Good thing everyone's in a good place and ready to get it patched right away...

@cR0w @buherator

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.

Yeeeikes. Uhhh, worth noting that I believe this class of device is commonly used for municipal wifi so...there's that?

@mttaggart @buherator And those silly utilities.

@cR0w you might have been joking. Cisco unfortunately was not…again.

@thekileen Can't make a joke when you are the joke, I suppose.