Cisco Patches Severe Vulnerability in URWB Access Points

November 6, 2024

Cisco has rectified a high-severity vulnerability that could enable attackers to execute commands with root privileges on susceptible Ultra-Reliable Wireless Backhaul (URWB) access points. The access points are used for connectivity in industrial wireless automation. The vulnerability, identified as CVE-2024-20418, was detected in the web-based management interface of Cisco's Unified Industrial Wireless Software. The flaw could be exploited by unauthenticated threat actors in low-complexity command injection attacks that do not necessitate user interaction.

Cisco's security advisory published on Wednesday stated, "This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device."

The vulnerability affects Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points. However, the devices are only vulnerable if they are running susceptible software and have the URWB operating mode activated. Cisco's Product Security Incident Response Team (PSIRT) has not found any evidence of publicly available exploit code or that this critical security flaw has been exploited in attacks.

In July, Cisco also addressed a denial-of-service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was detected in April while being exploited in large-scale brute-force attacks targeting Cisco VPN devices. In June, the company released security updates to address another command injection vulnerability with public exploit code that allowed attackers to escalate privileges to root on vulnerable systems.

In response to recent attacks exploiting multiple OS command injection security flaws (CVE-2024-20399, CVE-2024-3400, and CVE-2024-21887), CISA and the FBI have urged software companies to eliminate these types of vulnerabilities before shipping. Cisco, Palo Alto, and Ivanti network edge devices were compromised in these attacks.

Related News

• Ivanti Addresses Critical RCE Vulnerability in Endpoint Management Software
• Cisco Addresses Backdoor Admin Account in Smart Licensing Utility
• U.S. Agencies Highlight Ongoing Ransomware Attacks by Iranian Hacking Group
• Iranian Hackers Collaborate with Ransomware Gangs for Extortion
• Chinese Hackers Leverage Zero-Day Cisco Switch Flaw for System Control

Latest News

• ToxicPanda Android Botnet Attacks Banks in Europe and Latin America
• Google Addresses Two Actively Exploited Android Zero-Days in November Security Updates
• Custom 'Pygmy Goat' Malware Targets Sophos Firewall in Government Network Attack
• Ollama AI Framework Vulnerabilities: DoS, Model Theft, and Poisoning Possible
• Microsoft SharePoint Remote Code Execution Vulnerability Exploited in Corporate Network Breach