November 6, 2024 at 02:38PM
Cisco has resolved a critical vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul access points that allows unauthorized command execution with root privileges via the web-based management interface. The flaw affects certain Catalyst access points running vulnerable software. Cisco’s security teams have found no evidence of exploitation so far.
### Meeting Notes Takeaways:
1. **Vulnerability Identified**:
– Cisco has addressed a critical severity vulnerability (CVE-2024-20418) that allows attackers to execute commands with root privileges on certain Ultra-Reliable Wireless Backhaul (URWB) access points.
2. **Affected Products**:
– The vulnerability specifically impacts:
  – Catalyst IW9165D Heavy Duty Access Points
  – Catalyst IW9165E Rugged Access Points and Wireless Clients
  – Catalyst IW9167E Heavy Duty Access Points
– It affects these devices only if they are running vulnerable software with URWB enabled.
3. **Exploitation Details**:
– The security flaw arises from improper input validation in the web-based management interface of Cisco’s Unified Industrial Wireless Software.
– Unauthenticated attackers can exploit it using low-complexity command injection attacks without user interaction.
4. **Status of Exploit Code**:
– Cisco’s Product Security Incident Response Team (PSIRT) has not found any public exploit code or evidence of exploitation of this vulnerability in attacks.
5. **Admin Actions**:
– Administrators can check if URWB mode is enabled by using the “show mpls-config” CLI command. If this command is unavailable, URWB is disabled and the device is not affected.
6. **Recent Security Updates**:
– Cisco also resolved a denial-of-service vulnerability in its ASA and Firepower Threat Defense (FTD) software in July, which was under active exploitation.
– Previous updates addressed another command injection vulnerability related to privilege escalation.
7. **Industry Response**:
– CISA and the FBI have advised software companies to eliminate OS command injection vulnerabilities to enhance network security, particularly after recent compromises involving various vendors’ devices.
### Action Items:
– Ensure that all affected systems are checked for URWB mode and apply necessary updates.
– Monitor security advisories from Cisco and other authorities for further updates.
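
A fleet triage sketch for the URWB check in item 5 and the first action item, added here as an example and not taken from Cisco's advisory or tooling. It assumes the output of `show mpls-config` has already been captured per device and that an unavailable command is rejected with an IOS-style `% Invalid input` line; the inventory, hostnames and transcripts are constructed.

```python
import re

# Models this page lists as affected when URWB mode is enabled.
AFFECTED_MODELS = ("IW9165D", "IW9165E", "IW9167E")

# Assumption: a device without the command rejects it with an IOS-style
# error line. Adjust the pattern to what your access points print.
UNAVAILABLE = re.compile(r"^%\s*(invalid input|unknown command)", re.I | re.M)


def urwb_enabled(transcript):
    """True if `show mpls-config` was accepted, False if rejected,
    None if nothing was captured and the device must be re-polled."""
    text = transcript.strip()
    if not text:
        return None
    return UNAVAILABLE.search(text) is None


def triage(device):
    """Classify one inventory record for CVE-2024-20418 follow-up."""
    model = device["model"].upper()
    if not any(name in model for name in AFFECTED_MODELS):
        return "model-not-listed"
    state = urwb_enabled(device.get("show_mpls_config", ""))
    if state is None:
        return "recheck"
    # URWB enabled still needs a software version check against the advisory.
    return "urwb-enabled" if state else "urwb-disabled"


# Constructed sample inventory: hostnames and transcripts are made up.
INVENTORY = [
    {"host": "ap-yard-01", "model": "Catalyst IW9167E",
     "show_mpls_config": "ap-yard-01# show mpls-config\n<output omitted>\n"},
    {"host": "ap-dock-02", "model": "Catalyst IW9165E",
     "show_mpls_config": "ap-dock-02# show mpls-config\n"
                         "% Invalid input detected at '^' marker.\n"},
    {"host": "ap-gate-03", "model": "Catalyst IW9165D", "show_mpls_config": ""},
    {"host": "ap-lab-04", "model": "Example-Other-AP", "show_mpls_config": ""},
]


def report(inventory):
    return {d["host"]: triage(d) for d in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `recheck` had no captured output and should be polled again before being treated as unaffected.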