Cisco has issued a security update to address a critical vulnerability in its Ultra-Reliable Wireless Backhaul (URWB) access points. This flaw, affecting industrial wireless systems, could allow remote, unauthenticated attackers to execute commands with elevated privileges on affected devices.
Details of Vulnerability CVE-2024-20418
The vulnerability, identified as CVE-2024-20418, has a CVSS score of 10.0, classifying it as critical. It stems from improper input validation in the web-based management interface of Cisco Unified Industrial Wireless software. This allows attackers to send manipulated HTTP requests and execute commands with root permissions on the underlying operating system of compromised devices.
Products Affected by the Vulnerability
Cisco has clarified that this vulnerability affects products operating in URWB mode only, including:
- Catalyst IW9165D Heavy Duty Access Points
- Catalyst IW9165E Rugged Access Points and Wireless Clients
- Catalyst IW9167E Heavy Duty Access Points
Devices not configured in URWB mode are not impacted by CVE-2024-20418.
Mitigation Measures and Security Update
Cisco recommends upgrading to version 17.15.1 of the Cisco Unified Industrial Wireless software to mitigate this security risk. Users still on versions earlier than 17.14 should migrate to this updated version containing the security patch. Cisco confirmed the vulnerability was identified during internal security testing, with no reports of active exploitation in the wild.
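The conditions above (affected model, URWB mode, release earlier than 17.15.1) can be applied to a device inventory export to decide what needs patching. This is an added example, not Cisco's tooling or code from the original article; the CSV column names, hostnames, mode labels and version strings in the sample are constructed for illustration.

```python
import csv
import io
import re

# Facts from the article: affected models, URWB-only exposure, fixed release.
AFFECTED_MODELS = ("IW9165D", "IW9165E", "IW9167E")
FIXED_RELEASE = (17, 15, 1)

# Constructed sample inventory (hypothetical hostnames, columns and modes).
SAMPLE_INVENTORY = """hostname,model,mode,version
ap-yard-01,IW9167E,URWB,17.14.1
ap-yard-02,IW9165D,URWB,17.15.1
ap-dock-03,IW9165E,WGB,17.12.1
ap-line-04,Catalyst IW9165E,urwb,17.9.4
ap-line-05,IW9167E,URWB,unknown
"""

def parse_version(text):
    """Return the release as a tuple of ints, or None if it cannot be parsed."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())

def triage(row):
    """Classify one row: not-affected, patched, vulnerable or review."""
    model = row["model"].upper()
    if not any(name in model for name in AFFECTED_MODELS):
        return "not-affected"
    mode = row["mode"].strip().upper()
    if not mode:
        return "review"          # mode not recorded: confirm on the device
    if mode != "URWB":
        return "not-affected"    # only URWB mode is exposed to CVE-2024-20418
    version = parse_version(row["version"])
    if version is None:
        return "review"          # unparseable release: do not assume patched
    # Numeric tuple comparison: as strings, "17.9.4" would sort after "17.15.1".
    return "patched" if version >= FIXED_RELEASE else "vulnerable"

def triage_inventory(csv_text):
    """Map each hostname in the CSV text to its triage status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: triage(row) for row in reader}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked `review` should be checked by hand rather than treated as safe, since a missing mode or version field says nothing about exposure.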
Importance of Applying the Security Patch
Although there is no evidence of active exploitation, Cisco underscores the urgency of updating devices to the latest software version. Prompt application of this patch is essential to protect industrial networks from potential threats that could compromise the integrity and security of operating systems in critical environments.
Conclusion
Cisco continues to strengthen the security of its industrial systems through timely patches and updates. The company’s swift response to these vulnerabilities highlights its commitment to safeguarding its customers and critical systems in the era of digital transformation.