Cisco Patches Severe Vulnerability in URWB Access Points

November 6, 2024

Cisco has patched a high-severity vulnerability that could let attackers execute commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points, which provide connectivity for industrial wireless automation. The vulnerability, tracked as CVE-2024-20418, was found in the web-based management interface of Cisco's Unified Industrial Wireless Software. Unauthenticated threat actors could exploit the flaw in low-complexity command injection attacks that require no user interaction.

Cisco's security advisory published on Wednesday stated, "This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device."

The vulnerability affects Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points. However, the devices are vulnerable only if they are running vulnerable software and have the URWB operating mode enabled. Cisco's Product Security Incident Response Team (PSIRT) has not found any evidence of publicly available exploit code or that this critical security flaw has been exploited in attacks.

In July, Cisco also addressed a denial-of-service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered in April while it was being exploited in large-scale brute-force attacks targeting Cisco VPN devices. In June, the company released security updates to address another command injection vulnerability with public exploit code that allowed attackers to escalate privileges to root on vulnerable systems.

In response to recent attacks exploiting multiple OS command injection security flaws (CVE-2024-20399, CVE-2024-3400, and CVE-2024-21887), CISA and the FBI have urged software companies to eliminate these types of vulnerabilities before shipping. Cisco, Palo Alto, and Ivanti network edge devices were compromised in these attacks.
