Warning: Critical Command Injection In Cisco URWB With Root Privileges, Perfect CVSS 10 Score, Patch Immediately!
CVE-2024-20418: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Sources
Risques
The vulnerability has a perfect CVSS score of 10, meaning it has severe impact to the confidentiality, integrity, and availability of the affected systems. A threat actor can perform the attack remotely and they don’t need any prior authentication into the system, or user interaction.
Description
CVE-2024-20418 is a command injection vulnerability caused by improper input validation. It affects the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.
An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system, giving him the ability to execute arbitrary commands with root privileges in the underlying operating system of the affected device.
Visit the vendor’s advisory for more information: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs
Actions recommandées
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.