Article Details
Scrape Timestamp (UTC): 2024-11-06 19:35:12.104
Original Article Text
Cisco bug lets hackers run commands as root on URWB access points
Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation.
Tracked as CVE-2024-20418, this security flaw was found in the web-based management interface of Cisco's Unified Industrial Wireless Software. Unauthenticated threat actors can exploit it in low-complexity command injection attacks that don't require user interaction.
"This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system," Cisco said in a security advisory published on Wednesday.
"A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device."
As the company explains, the vulnerability impacts Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points, but only if they're running vulnerable software and have the URWB operating mode enabled.
Cisco's Product Security Incident Response Team (PSIRT) has yet to discover evidence of publicly available exploit code or that this critical security flaw has been exploited in attacks.
Admins can determine if the URWB operating mode is enabled by checking if the "show mpls-config" CLI command is available. If the command is not available, URWB is disabled, and the device will not be affected by this vulnerability.
Cisco also fixed a denial-of-service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software in July, which was discovered in April while exploited in large-scale brute-force attacks targeting Cisco VPN devices.
One month earlier, the company released security updates to address another command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems.
In July, CISA and the FBI urged software companies to eliminate OS command injection vulnerabilities before shipping in response to recent attacks where Cisco, Palo Alto, and Ivanti network edge devices were compromised by exploiting multiple OS command injection security flaws (CVE-2024-20399, CVE-2024-3400, and CVE-2024-21887).
Daily Brief Summary
Cisco has fixed a maximum severity vulnerability, CVE-2024-20418, in its Ultra-Reliable Wireless Backhaul (URWB) access points.
The flaw exists in the web-based management interface of Cisco's Unified Industrial Wireless Software, allowing unauthenticated attackers to execute root-level commands.
Attackers can exploit the vulnerability via simple, crafted HTTP requests without needing user interaction.
Affected units are Catalyst IW9165D, IW9165E, and IW9167E access points, and only when they run vulnerable software with the URWB operating mode enabled.
Cisco has found no evidence of exploitation in attacks or of publicly available exploit code for this vulnerability.
Administrators can determine whether the URWB operating mode is enabled by checking whether the "show mpls-config" CLI command is available; if it is not, URWB is disabled and the device is not affected.
This update follows other security measures by Cisco addressing command injection and denial-of-service vulnerabilities across different products.
In July, CISA and the FBI urged software companies to eliminate OS command injection vulnerabilities before shipping, in response to attacks that exploited such flaws in Cisco, Palo Alto, and Ivanti network edge devices.