Cisco fixes max-severity vulnerability in wireless backhaul access points

Cisco has released a patch to address a maximum severity vulnerability in its Ultra-Reliable Wireless Backhaul (URWB) access points used to provide connectivity for industrial wireless automation. The flaw, designated CVE-2024-20418, is due to improper validation of input to Cisco's Unified Industrial Wireless Software's web-based management interface. This interface is used by, and thus affects, various URWB access points, but only if they're running vulnerable software and have the URWB operating mode enabled.

The maximum-severity CVSS score provided to CVE-2024-20418 reflects that it can be easily exploited in low-complexity command injection attacks that don't require user interaction. Specifically, an unauthenticated threat actor could exploit CVE-2024-20418 simply by sending specially crafted HTTP requests to the web-based management interface of a vulnerable system.

Be the first to know of emerging threats.

Sign up to get our analysts' insights on emerging cyberattacks, vulnerabilities, and more sent straight to your inbox.

Sign up

Successful exploitation could ultimately allow threat actors to execute arbitrary commands with root privileges on the underlying operating system of the affected device.

Cisco has advised it has not observed any publicly available proof-of-concept exploit code for the vulnerabilities, nor has it observed any exploitation attempts. It is advising all users of the affected systems to install the latest security patch as soon as possible.

Source: Bleeping Computer

Analysis

Given that the affected URWB access points provide connectivity for industrial wireless automation, their compromise could potentially allow threat actors to disrupt the processes they are responsible for, resulting in a denial-of-service condition, or worse, deploying malware such as ransomware.

Fortunately, Cisco has generally been quick to identify flaws in its products and release patches addressing the issues, providing threat actors with a very small window in which they can develop and deploy exploits against the vulnerable products.

However, despite Cisco’s best efforts, users who don’t update their systems promptly risk giving threat actors with the right motivation and skillset a potential opportunity for an attack.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in software, appliances and operating systems. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate the exploitation of these vulnerabilities. Field Effect MDR users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect portal.

IT administrators can determine if the URWB operating mode is enabled by checking if the "show mpls-config" CLI command is available. If the command is not available, URWB is disabled, and the device will not be affected by CVE-2024-20418.

Field Effect strongly encourages users of vulnerable Cisco URWB access points to install the latest security patch as soon as possible in accordance with Cisco’s advisory.

Related Articles

• Cisco shuts ‘ArcaneDoor’ on exploitation of firewall zero days
• Critical vulnerability found in Cisco Unified Communications products
• Zero-day in thousands of Cisco IOS XE devices exploited