November 7, 2024

Cisco has resolved a critical security flaw that allowed attackers to execute root-level commands on compromised Ultra-Reliable Wireless Backhaul (URWB) access points, which are essential for industrial wireless automation networks.
This vulnerability, identified as CVE-2024-20418, was discovered in the web-based management interface of Cisco’s Unified Industrial Wireless Software. It enables unauthorized threat actors to carry out low-complexity command injection attacks without requiring user interaction.
According to Cisco’s security advisory released on Wednesday, “This vulnerability is caused by inadequate validation of inputs within the web-based management interface. An attacker could leverage this weakness by sending specially crafted HTTP requests to the affected system’s management interface.”
If successful, an attacker could gain root-level access to execute arbitrary commands on the device’s operating system. This flaw affects Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points, provided they are running the vulnerable software version with URWB mode enabled.
Cisco’s Product Security Incident Response Team (PSIRT) has found no indication of exploit code being publicly available nor evidence that this vulnerability has been exploited in attacks so far.
To determine whether URWB mode is enabled, administrators can run the “show mpls-config” CLI command. If the command is unavailable, URWB is disabled and the device is not affected by this vulnerability.
In a related effort, Cisco also patched a denial-of-service vulnerability in its Cisco ASA and Firepower Threat Defense (FTD) software in July, following reports of large-scale brute-force attacks on Cisco VPN devices, which led to the discovery of the flaw back in April.
Additionally, one month prior, Cisco rolled out security patches to address another command injection vulnerability with a public exploit, which allowed privilege escalation to root on affected systems.
In July, CISA and the FBI advised software vendors to eliminate OS command injection vulnerabilities in products before release, prompted by recent attacks on network devices from Cisco, Palo Alto, and Ivanti where multiple OS command injection flaws (CVE-2024-20399, CVE-2024-3400, and CVE-2024-21887) had been exploited.
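The root cause described above for CVE-2024-20418 (inadequate input validation in a web management interface leading to OS command injection), and the CISA/FBI guidance to eliminate this bug class before release, both come down to the same coding pattern. The example below is added here and is not Cisco's code or anything from the advisory: it shows a hypothetical management-interface diagnostic handler in its vulnerable form (user input interpolated into a shell command line) beside a hardened form (allowlist validation plus an argv list with no shell). All function names and the sample inputs are constructed for illustration.

```python
"""Added example, not Cisco's code: OS command injection in a web
management handler, the vulnerable pattern beside a hardened one.
Function names (build_cmd_vulnerable, is_valid_host, ...) are hypothetical."""
import ipaddress
import re
import subprocess

# Conservative hostname grammar (RFC 1123 labels, dot-separated);
# anything outside it is rejected rather than escaped.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_cmd_vulnerable(host: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into a shell command line.
    When this string is passed to subprocess.run(..., shell=True), the shell
    interprets metacharacters such as ; | & and $( ) inside `host`, so the
    request controls what runs as the web server's (often root) user."""
    return f"ping -c 1 {host}"


def is_valid_host(host: str) -> bool:
    """Allowlist validation: accept only an IP literal or an RFC 1123 hostname.
    Everything else (shell metacharacters, option-like tokens, whitespace) fails."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return bool(_HOSTNAME_RE.match(host))


def build_argv_hardened(host: str) -> list[str]:
    """Hardened pattern: validate first, then pass an argv list so no shell is
    involved. Raises ValueError instead of trying to sanitize bad input."""
    if not is_valid_host(host):
        raise ValueError("rejected target: not a hostname or IP literal")
    # The grammar above already forbids a leading '-', so the target can never
    # be parsed by ping as an option.
    return ["ping", "-c", "1", host]


def run_diag(host: str) -> subprocess.CompletedProcess:
    """Execute the hardened diagnostic without a shell (not used by the tests
    so the example stays offline)."""
    return subprocess.run(
        build_argv_hardened(host), capture_output=True, text=True, timeout=10
    )


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one carrying an injected command.
    for sample in ("10.1.2.3", "10.1.2.3; id"):
        print("vulnerable command line:", repr(build_cmd_vulnerable(sample)))
        try:
            print("hardened argv:", build_argv_hardened(sample))
        except ValueError as exc:
            print("hardened handler:", exc)
```

The defensive point is that the hardened version never tries to strip or escape dangerous characters; it rejects anything that is not a host and hands the validated value to the program as a single argument, which is the fix class CISA's guidance asks vendors to ship by default.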