Critical Bug in Cisco UWRB Access Points Allows Attackers to Run Commands as Root

Summary: Cisco has identified and addressed a critical vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul (URWB) access points, which could allow unauthenticated remote attackers to execute commands with root privileges. The flaw is linked to improper input validation in the web-based management interface of the affected devices.

Threat Actor: Unauthenticated Remote Attackers | unauthenticated remote attackers
Victim: Cisco Ultra-Reliable Wireless Backhaul Access Points | Cisco Ultra-Reliable Wireless Backhaul Access Points

Key Point :

  • The vulnerability allows attackers to send crafted HTTP requests to execute arbitrary commands with root privileges.
  • Affected models include Catalyst IW9165D, IW9165E, and IW9167E access points in URWB mode.
  • There are currently no known exploits in the wild, and no workarounds are available for this vulnerability.

Cisco has addressed a critical vulnerability, tracked as CVE-2024-20418, that could be exploited by unauthenticated, remote attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points used for industrial wireless automation.

The vulnerability resides in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.

The vulnerability allows attackers to execute arbitrary commands with root privileges by sending crafted HTTP requests to the device.

“A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.” reads the advisory published by the company.

“This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.”

The vulnerability only affects specific models in URWB mode: Catalyst IW9165D, IW9165E, and IW9167E access points. To check if the device is affected, use the “show mpls-config” CLI command. If available, URWB mode is enabled and the device is vulnerable.

The Cisco PSIRT is not aware of attacks in the wild exploiting this vulnerability.

The IT giant pointed out that there are no workarounds that address this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – Cisco, URWB access points)



Source: https://securityaffairs.com/170646/security/cisco-uwrb-crirical-flaw.html