Cisco Releases Patch for Critical Vulnerability in Industrial Wireless URWB Systems

Cisco has issued a security update to address a critical vulnerability in its Ultra-Reliable Wireless Backhaul (URWB) access points. This flaw, affecting industrial wireless systems, could allow remote, unauthenticated attackers to execute commands with elevated privileges on affected devices.

Details of Vulnerability CVE-2024-20418

The vulnerability, identified as CVE-2024-20418, has a CVSS score of 10.0, classifying it as critical. It stems from improper input validation in the web-based management interface of Cisco Unified Industrial Wireless software. This allows attackers to send manipulated HTTP requests and execute commands with root permissions on the underlying operating system of compromised devices.

Products Affected by the Vulnerability

Cisco has clarified that this vulnerability affects products operating in URWB mode only, including:

  • Catalyst IW9165D Heavy Duty Access Points
  • Catalyst IW9165E Rugged Access Points and Wireless Clients
  • Catalyst IW9167E Heavy Duty Access Points

Devices not configured in URWB mode are not impacted by CVE-2024-20418.

Mitigation Measures and Security Update

Cisco recommends upgrading to version 17.15.1 of the Cisco Unified Industrial Wireless software to mitigate this security risk. Users still on versions earlier than 17.14 should migrate to this updated version containing the security patch. Cisco confirmed the vulnerability was identified during internal security testing, with no reports of active exploitation in the wild.

Importance of Applying the Security Patch

Although there is no evidence of active exploitation, Cisco underscores the urgency of updating devices to the latest software version. Prompt application of this patch is essential to protect industrial networks from potential threats that could compromise the integrity and security of operating systems in critical environments.

Conclusion

Cisco continues to strengthen the security of its industrial systems through timely patches and updates. The company’s swift response to these vulnerabilities highlights its commitment to safeguarding its customers and critical systems in the era of digital transformation

 

Related Posts
Devel Group
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.