Critical bug in Cisco UWRB access points allows attackers to run commands as root


Critical bug in Cisco UWRB access points allows attackers to run commands as root

Pierluigi Paganini
November 07, 2024

Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands, compromising industrial wireless automation security.

Cisco has addressed a critical vulnerability, tracked as CVE-2024-20418, that could be exploited by unauthenticated, remote attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points used for industrial wireless automation.

The vulnerability resides in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.

The vulnerability allows attackers to execute arbitrary commands with root privileges by sending crafted HTTP requests to the device.

“A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.” reads the advisory published by the company.

“This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.”

The vulnerability only affects specific models in URWB mode: Catalyst IW9165D, IW9165E, and IW9167E access points. To check if the device is affected, use the “show mpls-config” CLI command. If available, URWB mode is enabled and the device is vulnerable.

The Cisco PSIRT is not aware of attacks in the wild exploiting this vulnerability.

The IT giant pointed out that there are no workarounds that address this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – Cisco, URWB access points)







Source link