Cisco bug lets hackers run commands as root on URWB access points

Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation.

Tracked as CVE-2024-20418, this security flaw was found in the web-based management interface of Cisco's Unified Industrial Wireless Software. Unauthenticated threat actors can exploit it in low-complexity command injection attacks that do not require user interaction.

“This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system,” Cisco said in a security advisory published on Wednesday.

“A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.”

As the company explains, the vulnerability affects Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points, but only if they are running vulnerable software and have the URWB operating mode enabled.

Cisco’s Product Security Incident Response Team (PSIRT) has yet to find evidence of publicly available exploit code or of this critical security flaw being exploited in attacks.

Admins can determine whether the URWB operating mode is enabled by checking whether the “show mpls-config” CLI command is available. If the command is not available, URWB is disabled, and the device is not affected by this vulnerability.

Cisco also fixed a denial-of-service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software in July, which was discovered in April while being exploited in large-scale brute-force attacks targeting Cisco VPN devices.

One month earlier, the company released security updates to address another command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems.

In July, CISA and the FBI urged software companies to eliminate OS command injection vulnerabilities before shipping, in response to recent attacks in which Cisco, Palo Alto, and Ivanti network edge devices were compromised by exploiting several OS command injection security flaws (CVE-2024-20399, CVE-2024-3400, and CVE-2024-21887).