Ceragon Siklu MultiHaul and EtherHaul Series
Summary
CISA has issued an alert regarding a critical vulnerability in Ceragon Siklu MultiHaul and EtherHaul Series microwave antennas. The vulnerability allows unauthenticated arbitrary file uploads to any writable location on the device due to a lack of authentication and path validation on the rfpiped service.
IFF Assessment
FOE
This vulnerability allows unauthenticated file uploads, which can lead to compromise of critical infrastructure communication devices.
Severity
4.3
Medium
Defender Context
This vulnerability affects critical infrastructure, specifically communications equipment deployed worldwide. Defenders should prioritize patching or mitigating affected Ceragon Siklu devices to prevent unauthorized file uploads and potential device compromise.