CVE-2024-20418 (CVSS 10): Cisco URWB Devices Exposed to Root-Level Attacks
Cisco has addressed a critical vulnerability with a CVSS score of 10, which allowed attackers to execute commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points used in industrial automation networks.
The vulnerability, designated CVE-2024-20418, was identified in the web management interface of Cisco Unified Industrial Wireless Software. Unauthorized attackers could exploit it through command injection, requiring minimal preparation and no user interaction.
Cisco explains that the issue stemmed from improper input validation within the web interface. An attack could be carried out by sending specially crafted HTTP requests to the vulnerable system, enabling the attacker to execute arbitrary commands with root privileges on the device’s operating system.
The vulnerability affects Cisco Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points, but only when URWB mode is enabled and a vulnerable software version is in use.
Cisco's PSIRT reports no evidence of publicly available exploits for this vulnerability or of its exploitation in real-world attacks.
Administrators can check whether URWB mode is enabled by running the command “show mpls-config” in the CLI. If the command is unavailable, URWB mode is disabled and the device is not affected by the vulnerability.
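The exposure conditions above (affected model, URWB mode enabled, vulnerable software version) can be applied across an inventory once the “show mpls-config” output has been collected from each device. The following is an added example, not code from Cisco or from this article. The device records, the version placeholders and the error strings used to recognise an unavailable command are assumptions to adapt to your own environment.

```python
from dataclasses import dataclass
from typing import Optional

# Hardware families the article lists as affected.
AFFECTED_MODELS = ("IW9165D", "IW9165E", "IW9167E")
# ASSUMPTION: text the CLI prints for a command that does not exist.
UNAVAILABLE_MARKERS = ("invalid input", "unknown command")

@dataclass
class Device:
    name: str
    model: str                   # model string from inventory
    version: str                 # running software version
    mpls_output: Optional[str]   # captured "show mpls-config" output, None if not collected

def urwb_enabled(output: Optional[str]) -> Optional[bool]:
    """Article's rule: command unavailable means URWB is disabled. None = unknown."""
    if output is None or not output.strip():
        return None
    lowered = output.lower()
    return not any(marker in lowered for marker in UNAVAILABLE_MARKERS)

def triage(dev: Device, vulnerable_versions: set) -> str:
    """Classify one device against the three conditions the article gives."""
    if not any(m in dev.model.upper() for m in AFFECTED_MODELS):
        return "model-not-affected"
    urwb = urwb_enabled(dev.mpls_output)
    if urwb is False:
        return "urwb-disabled"
    if dev.version not in vulnerable_versions:
        return "version-not-vulnerable"
    return "exposed" if urwb else "needs-urwb-check"

def triage_fleet(devices, vulnerable_versions):
    return {d.name: triage(d, vulnerable_versions) for d in devices}

# Constructed sample data. Version strings are placeholders: take the real
# vulnerable releases from Cisco's advisory for CVE-2024-20418.
VULNERABLE = {"VULNERABLE-RELEASE-PLACEHOLDER"}
FLEET = [
    Device("ap-line1", "IW9167E", "VULNERABLE-RELEASE-PLACEHOLDER", "<constructed URWB settings>"),
    Device("ap-line2", "IW9165D", "VULNERABLE-RELEASE-PLACEHOLDER", "% Invalid input detected"),
    Device("ap-yard", "IW9165E", "VULNERABLE-RELEASE-PLACEHOLDER", None),
    Device("ap-dock", "IW9165E", "FIXED-RELEASE-PLACEHOLDER", "<constructed URWB settings>"),
    Device("ap-office", "OTHER-MODEL", "VULNERABLE-RELEASE-PLACEHOLDER", None),
]

if __name__ == "__main__":
    for name, status in triage_fleet(FLEET, VULNERABLE).items():
        print(f"{name}: {status}")
```

Devices reported as "needs-urwb-check" are affected models on a vulnerable release for which no CLI output was collected, so they should be checked by hand before being ruled out.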
Previously, Cisco mitigated a denial-of-service vulnerability in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, which had been actively exploited in VPN device attacks.
In June, the company also released a security update addressing another command injection vulnerability that allowed attackers to escalate privileges to the root level.
In July, speaking at the RSA Conference, Jen Easterly, head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), urged developers to rigorously inspect code for potential vulnerabilities during the development phase. According to her, robust code is the only way to eradicate cyberattacks.