Cisco has mounted a most severity vulnerability that permits attackers to run instructions with root privileges on weak Extremely-Dependable Wi-fi Backhaul (URWB) entry factors that present connectivity for industrial wi-fi automation.
Tracked as CVE-2024-20418, this safety flaw was present in Cisco’s Unified Industrial Wi-fi Software program’s web-based administration interface. Unauthenticated risk actors can exploit it in low-complexity command injection assaults that do not require consumer interplay.
“This vulnerability is because of improper validation of enter to the web-based administration interface. An attacker might exploit this vulnerability by sending crafted HTTP requests to the web-based administration interface of an affected system,” Cisco mentioned in a safety advisory revealed on Wednesday.
“A profitable exploit might permit the attacker to execute arbitrary instructions with root privileges on the underlying working system of the affected machine.”
As the corporate explains, the vulnerability impacts Catalyst IW9165D Heavy Obligation Entry Factors, Catalyst IW9165E Rugged Entry Factors and Wi-fi Shoppers, and Catalyst IW9167E Heavy Obligation Entry Factors, however provided that they’re operating weak software program and have the URWB working mode enabled.
Cisco’s Product Safety Incident Response Group (PSIRT) has but to find proof of publicly obtainable exploit code or that this vital safety flaw has been exploited in assaults.
Admins can decide if the URWB working mode is enabled by checking if the “present mpls-config” CLI command is on the market. If the command is just not obtainable, URWB is disabled, and the machine is not going to be affected by this vulnerability.
Cisco additionally mounted a denial-of-service flaw in its Cisco ASA and Firepower Risk Protection (FTD) software program in July, which was found in April whereas exploited in large-scale brute-force assaults focusing on Cisco VPN units.
One month earlier, the corporate launched safety updates to handle one other command injection vulnerability with public exploit code that lets attackers escalate privileges to root on weak methods.
In July, CISA and the FBI urged software program corporations to eradicate path OS command injection vulnerabilities earlier than delivery in response to current assaults the place Cisco, Palo Alto, and Ivanti community edge units have been compromised by exploiting a number of OS command injection safety flaws (CVE-2024-20399, CVE-2024-3400, and CVE-2024-21887).